ProctorU hacked – Western Sydney University responds

by | Sep 6, 2020 | Campus News

On 28th July 2020, cyber-security publication BleepingComputer reported that a hacker group, known as ShinyHunters, was leaking stolen user databases from a variety of websites. Among them was ProctorU – the online proctoring service used to monitor 45% of Western Sydney University (WSU) exams last semester.

Critical user information leaked

Hackers published 444,000 user records from ProctorU databases. The leaked information included usernames, passwords and addresses. University of Sydney, University of New South Wales and University of Melbourne have been reported as victims of the breach. W’SUP reached out to authorities at WSU to investigate their response to the crisis.

Read more: All ProctorU questions answered – WSU responds to FAQs

Western Sydney University unharmed by data breach

A Western Sydney University spokesperson informed W’SUP that AusCERT has investigated the breach on behalf of all Australian universities. The investigation concluded that Western Sydney University was not affected by the cyber-attack.

The spokesperson added that the exposed data was from a testing server and included information on clients from 2016 and before. This precludes WSU’s use of the service and thus no personal records were stolen. ProctorU has assured the spokesperson that security has been further tightened since this incident.

Furthermore, ProctorU is obligated to disclose any confirmed data breach within 48 hours, as per their contract with the university.

ProctorU’s future at Western Sydney University

Despite the widely publicised security failure, ProctorU is here to stay. The spokesperson mentioned that online proctoring was necessary to ensure high levels of academic integrity. However, the university is scaling down the number of exams being proctored online.

In the autumn/1H 2020 examination period, 45% of exams were conducted using ProctorU. For spring/2H 2020, only 10% of exams will be conducted via the service. The spokesperson has mentioned that these exams need to be invigilated online to ensure course progression and meeting accreditation requirements.

Student concerns justified

Western Sydney University students had previously raised questions about ProctorU. Around 3,500 WSU students had signed a petition opposing the use of ProctorU. They had suggested alternatives to traditional final exams, such as implementing take home exams instead. News of the breach has bolstered existing concerns about invasion of privacy and insufficient data security. It remains to be seen whether similar demands will be made despite reassurance from the WSU authorities.

Read more: Is WSU forcing students to install software that invades their privacy?

Western Sydney University maintains full control of exam data

A spokesperson from WSU assured W’SUP and students that the only data collected is that which relates directly to the operation of the exam. The university also has an agreement to ensure that ProctorU protect student and staff data in accordance with university policy. All data is owned and controlled by the university which is then deleted after the exam results are finalised.

Data protection tips for students

  • Keep separate email accounts for uni, banking and social media.
    • Ensure that each account has a unique password not used in another.
  • Frequently change the passwords used in all online accounts.
    • Leaked passwords pose a minimal threat if passwords are changed often.
    • Use dedicated password protection services as opposed to Google’s built-in password manager.
  • Create a secondary account on your computer which will not have admin access.
    • Use this account for installing and undertaking ProctorU Live+ exams.
  • Ensure that the ProctorU extension and any additional file is deleted after all your exams are over.
  • Use a secondary browser for taking your exams.
    • If Google Chrome is your most used browser, take the exam on Mozilla Firefox (unless advised of incompatibility by ProctorU).

Student Representative Council (SRC) responds to ProctorU

The Student Representative Council (SRC)  has put out a three-part post on Facebook. This details their response to the use of ProctorU for examinations. The posts are arranged in the following order :

  1. Part 1
  2. Part 2
  3. Part 3.

 

 

Author

Similar Articles

Connect with us