A Russian-speaking hacker provided a list to an online publication claiming that he had breached 63 different agencies and institutions. RIT was one of the institutions on the list.
The term “breach” is a bit of a misnomer. The attacker found what’s known as a SQL injection vulnerability in one student website hosted on people.rit.edu. A SQL injection vulnerability typically occurs when someone is able to enter unexpected data (such as commands) into a login field, gaining access to portions of the database to which they shouldn’t have access.
What RIT is Doing
RIT is remediating and verifying... ...