Australian Universities - ProctorU

ProctorU, an online exam surveillance and proctoring platform used by Australian universities, suffered a data breach exposing 444,000 user records globally, including Australian university students.

What Happened

Hacker group ShinyHunters published a database of 444,000 ProctorU user records as part of a larger release of 386 million records from various services. The breach exposed user data from ProctorU accounts created on or before 2014, including unencrypted passwords along with personally identifiable information.

While many Australian universities began using ProctorU's online proctoring services in 2020 in response to the COVID-19 pandemic, the exposed data related to earlier users of the platform. The database included records with email addresses from at least ten major Australian universities.

Impact on Individuals

Students who used ProctorU before 2015 faced risks of identity theft and credential-based attacks. The breach exposed full names, residential addresses, email addresses, and critically, unencrypted passwords. The exposure of plaintext passwords was particularly concerning given widespread password reuse, potentially enabling unauthorised access to other accounts.

Organisational Response

Australian universities launched investigations into the breach. Swinburne University stated that only a small number of students had been impacted. Universities advised students to change passwords and remain vigilant for phishing attempts. The incident highlighted the risks of relying on third-party platforms for critical educational services.