ProctorU hacked – Western Sydney University responds

image_print

On 28th July 2020, cyber-security publication BleepingComputer reported that a hacker group, known as ShinyHunters, was leaking stolen user databases from a variety of websites. Among them was ProctorU – the online proctoring service used to monitor 45% of Western Sydney University (WSU) exams last semester.

Critical user information leaked

Hackers published 444,000 user records from ProctorU databases. The leaked information included usernames, passwords and addresses. University of Sydney, University of New South Wales and University of Melbourne have been reported as victims of the breach. W’SUP reached out to authorities at WSU to investigate their response to the crisis.

Read more: All ProctorU questions answered – WSU responds to FAQs

Western Sydney University unharmed by data breach

A Western Sydney University spokesperson informed W’SUP that AusCERT has investigated the breach on behalf of all Australian universities. The investigation concluded that Western Sydney University was not affected by the cyber-attack.

The spokesperson added that the exposed data was from a testing server and included information on clients from 2016 and before. This precludes WSU’s use of the service and thus no personal records were stolen. ProctorU has assured the spokesperson that security has been further tightened since this incident.

Furthermore, ProctorU is obligated to disclose any confirmed data breach within 48 hours, as per their contract with the university.

ProctorU’s future at Western Sydney University

Despite the widely publicised security failure, ProctorU is here to stay. The spokesperson mentioned that online proctoring was necessary to ensure high levels of academic integrity. However, the university is scaling down the number of exams being proctored online.

In the autumn/1H 2020 examination period, 45% of exams were conducted using ProctorU. For spring/2H 2020, only 10% of exams will be conducted via the service. The spokesperson has mentioned that these exams need to be invigilated online to ensure course progression and meeting accreditation requirements.

Student concerns justified

Western Sydney University students had previously raised questions about ProctorU. Around 3,500 WSU students had signed a petition opposing the use of ProctorU. They had suggested alternatives to traditional final exams, such as implementing take home exams instead. News of the breach has bolstered existing concerns about invasion of privacy and insufficient data security. It remains to be seen whether similar demands will be made despite reassurance from the WSU authorities.

Read more: Is WSU forcing students to install software that invades their privacy?

Western Sydney University maintains full control of exam data

A spokesperson from WSU assured W’SUP and students that the only data collected is that which relates directly to the operation of the exam. The university also has an agreement to ensure that ProctorU protect student and staff data in accordance with university policy. All data is owned and controlled by the university which is then deleted after the exam results are finalised.

Data protection tips for students

  • Keep separate email accounts for uni, banking and social media.
    • Ensure that each account has a unique password not used in another.
  • Frequently change the passwords used in all online accounts.
    • Leaked passwords pose a minimal threat if passwords are changed often.
    • Use dedicated password protection services as opposed to Google’s built-in password manager.
  • Create a secondary account on your computer which will not have admin access.
    • Use this account for installing and undertaking ProctorU Live+ exams.
  • Ensure that the ProctorU extension and any additional file is deleted after all your exams are over.
  • Use a secondary browser for taking your exams.
    • If Google Chrome is your most used browser, take the exam on Mozilla Firefox (unless advised of incompatibility by ProctorU).

Student Representative Council (SRC) responds to ProctorU

The Student Representative Council (SRC)  has put out a three-part post on Facebook. This details their response to the use of ProctorU for examinations. The posts are arranged in the following order :

  1. Part 1
  2. Part 2
  3. Part 3.

 

 

Ishmamul Haque

Ishmamul Haque studies ICT and Accounting though writing remains his one true love. He is…

You may also be interested in

May 18, 2024

Fantasy Book Recommendation Corner 

Read the latest novel recommendations from Symphony Chakma, a book lover and member of the WSU Book Club! Find out why these stories mean so much…...
By Symphony Chakma 
May 7, 2024

Creating a culture of safety around sexual harm at Western

TW: This report contains content about sexual harm that some readers may find distressing. You can find support services and resources below. When a U...
By Lauren Graham
May 7, 2024

Western Sydney University students run a bake sale to raise money for charity

Alicia Deans tells us about how Western Sydney University students have run a bake sale to raise money for charity......
By Alicia Dean