Security holes in websites of universities in China put private information of millions at risk

PUBLISHED : Thursday, 21 May, 2015, 11:16am
UPDATED : Thursday, 21 May, 2015, 11:45am

Thousands of high-risk vulnerabilities have been found on the websites of more than 1,000 Chinese universities.

According to a report in the Economic Information Daily, from April 2014 to March 2015, 3,495 security loopholes were discovered on 1,088 university websites, including those of prestigious institutions such as Peking University and Tsinghua University. Of these, almost 75 per cent were high-risk vulnerabilities.

The loopholes could potentially give hackers access to the private information of millions of university students and staff.

Ma Minhu, director of Xi'an Jiaotong University's Information Security Law Research Centre, said that as well as privacy risks, information on sensitive research and military projects could also be leaked, the consequence of which could be "very serious".

In October 2014, the Ministry of Education issued guidance requiring all colleges and universities to strengthen their information security and adopt national standards. Despite repeated warnings however, researchers told the newspaper, almost 95 per cent of vulnerabilities remain unaddressed.

Chinese university websites aren't the only ones with serious security flaws. It was revealed this week that celebrity Kim Kardashian's personal site put users at risk of malware and potential identity theft.

Security researcher Jamie Woodruff went public with his findings after repeated warnings to the administrators of went ignored.

“If the fans use the website, they could be at risk of downloading infected software; or worse, their information could be stolen from the database,” Woodruff told the Daily Dot.

In 2014, Russian hackers stole information from more than 420,000 websites, amassing 1.2 billion username and password combinations and more than 500 million email addresses, according to US-based research firm Hold Security.

According to PricewaterhouseCoopers, the number of detected cyber attacks rose 48 per cent in 2014, compared to the year before. This rise is expected to continue in 2015, with more than 100,000 attacks taking place every day.