A 19-year-old hacker going by @DARWINARE on Twitter breached the University of Nairobi's servers last week. The hacker has compromised other servers belonging to educational institutions in the past year, including the University of Colorado Boulder. @DARWINARE found an SQL injection vulnerability on the institution's database servers. Using sqlmap, @DARWINARE was able to dump a lot of information from the server. Some of the schemas and data can be found on Pastebin.
Weighing in at 1.19 MB, the dump contains user IDs, hashed passwords and IP addresses. The university left a lot of sensitive information open to attack by ignoring the security of its database servers. The University of Nairobi is ranked 116,208 by Alexa. In an email interview with @Cyber_War_News, the hacker says that breaches happen because information happens to be at the wrong place at the wrong time.