Friday, March 29, 2024

AdvertiseDonateSubmit
NewsSportsArtsOpinionThe QuadPhotoVideoIllustrationsCartoonsGraphicsThe StackPRIMEEnterpriseInteractivesPodcastsBruinwalkClassifieds

UCLA website hacked, no student information or sensitive data affected

UCLA spokesperson Ricardo Vazquez said although the UCLA Atmospheric and Oceanic Sciences website was affected by a cryptojacking campaign, UCLA patched the site after being notified by Drupal and removed the code causing the hijacking. (Daily Bruin file photo)

By Sharon Zhen

May 10, 2018 8:11 p.m.

The UCLA Atmospheric and Oceanic Sciences website was affected by a hack that converted websites into cryptocurrency mining platforms, the university confirmed Wednesday.

Troy Mursch, a security researcher, said in his updated blog post Monday that UCLA’s Atmospheric and Oceanic Sciences website was affected by a cryptojacking campaign that targeted vulnerable Drupal websites. About 348 websites were compromised, including that of the U.S. National Labor Relations Board and Lenovo, a technology company.

Drupal is an open-source content management system the UCLA Information Technology Services department uses to build and maintain websites, according to the UCLA IT website. It also allows UCLA-affiliated groups and individuals with no programming or technical experience to create websites.

The cryptojacking campaign injected malicious code into websites running an outdated version of Drupal content management system to infect websites and turn them into platforms to mine cryptocurrency.

In late March, Drupal announced a vulnerability in its operating system that would allow hackers to compromise websites using Drupal’s services. Last month, the company announced there have been attack attempts on certain Drupal websites and advised users to assume their sites have been targeted if they had not been patched by April 11.

UCLA spokesperson Ricardo Vazquez said although the UCLA Atmospheric Sciences website was affected, the university does not have knowledge of any visitors’ computers being affected. He added UCLA patched the site after being notified by Drupal and had removed the code causing the hijacking.

Vazquez said that no sensitive or student data was disclosed and if a user’s computer was affected, they should close their browser and restart their computer.

Share this story:FacebookTwitterRedditEmail
Sharon Zhen
Zhen is an assistant news editor for the national and higher education beat. She was previously a contributor for the campus politics beat and an online contributor.
Zhen is an assistant news editor for the national and higher education beat. She was previously a contributor for the campus politics beat and an online contributor.
COMMENTS
Featured Classifieds
More classifieds »
Related Posts