Imagine opening your inbox and seeing a frightening message with the subject "We got hacked (Action Required)" from your former university. That's precisely what happened to University of Pennsylvania (Penn) employees, faculty, students, and alumni this week.
What actually happened
Here's the short version:
- Many students, faculty, and alumni at Penn received an email, apparently from the university, stating that it had been hacked.
- The subject line was "We got hacked (Action Required)", and the body was filled with derogatory statements and profanity directed at the university.
- The sender claimed to have stolen private information and threatened to release it.
- Penn's IT team sent a follow-up message saying the email was not legitimate and advising recipients to disregard it.
- The email was distributed through one of Penn's official email lists, which made it look legitimate.
In summary, the email appeared to come from the University of Pennsylvania, but it did not.
Why does this matter?
Even if you weren’t a student at Penn, this event is still significant. Here’s why:
- Universities keep a large amount of private information — names, addresses, grades and sometimes financial information.
- If hackers did gain access, that information could be leaked online or sold.
- The emails also contained political slurs, which suggests the sender's motive went beyond a plain hack and included criticism of Penn's data practices.
- Worse, the emails were sent through Penn's official mailing-list platform (Salesforce Marketing Cloud), not from some random spam account. If that platform was properly authorized to send for Penn's domain, the usual sender-authentication checks (SPF, DKIM, DMARC) would have passed, so the message would have looked authentic to mail filters as well as to people. That is both clever and unsettling.
What we don’t know
There are still some big questions that remain unanswered:
- How many people received the fake email?
- Did the attackers actually steal any data?
- Who sent it — and why would they target Penn?
- Was Penn's system actually compromised, or did someone merely spoof an email address?
Currently, Penn is still looking into all of this.
My perspective
To be honest, I find this type of attack interesting. This isn't your average "click here" scam. This is more of a public service announcement and cyber-bullying at the same time. The hackers were looking for attention, and they got it!
If I worked for a university, I would quickly be doing any number of the following:
- Identifying who has access to the mailing lists.
- Changing all mail passwords.
- Informing users that they should not click on links in, or reply to, suspicious emails.
- Telling users exactly what breach has taken place: no cover-up and no fear-mongering.
Please consider doing the same.
Even if you are not associated with Penn, use this as a reminder:
- Don't trust every "urgent" email. Checking the sender address helps against crude spoofing, but it is not enough on its own: in this case the message came through Penn's own mailing-list platform, so the address looked genuine.
- To verify a claim, go directly to the organization's known website rather than following links in the email.
- Don't click random links or provide personal information.
- Ask your workplace or school what email security controls they have in place.
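Two points above, the open question of whether Penn's system was compromised or an address was merely spoofed, and the advice to check the sender address, come down to what a receiving mail server records about a message. The following Python script is an added example, not code from the original post and not a description of Penn's real mail headers: it reads the Authentication-Results header a receiving server stamps on a message and reports the SPF, DKIM and DMARC verdicts. The two sample messages are constructed, and the domains and addresses are placeholders. The point it makes is that a message relayed through a platform authorized for the domain passes every check and shows the expected From: address, so "check the sender" alone would not flag it, while a spoofed From: line fails.

```python
import email
import re
from email import policy

# Constructed sample messages for illustration only; they are not real Penn mail
# and the domains are placeholders. The receiving server's Authentication-Results
# header records the outcome of SPF, DKIM and DMARC checks.

# Case 1: relayed through a bulk-mail platform that is authorized to send for
# the domain, so all three checks pass even though the content is hostile.
AUTHORIZED_RAW = b"""\
Authentication-Results: mx.example.edu; spf=pass smtp.mailfrom=bounce.example.edu; dkim=pass header.d=example.edu; dmarc=pass header.from=example.edu
From: "Example University" <news@example.edu>
To: alumni@example.edu
Subject: We got hacked (Action Required)

(hostile body omitted)
"""

# Case 2: same From: address, but injected by an unrelated server that has no
# authority to send for the domain, so the checks fail.
SPOOFED_RAW = b"""\
Authentication-Results: mx.example.edu; spf=fail smtp.mailfrom=example.edu; dkim=none; dmarc=fail header.from=example.edu
From: "Example University" <news@example.edu>
To: alumni@example.edu
Subject: We got hacked (Action Required)

(hostile body omitted)
"""

# Matches tokens such as "spf=pass", "dkim=fail", "dmarc=none".
_AUTH_TOKEN = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)


def parse_auth_results(raw: bytes) -> dict:
    """Return the SPF/DKIM/DMARC verdicts recorded in Authentication-Results."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    verdicts = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in _AUTH_TOKEN.findall(str(header)):
            verdicts[method.lower()] = result.lower()
    return verdicts


def sender_address(raw: bytes) -> str:
    """Return the bare address in the From: header, which is what a reader sees."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return msg["From"].addresses[0].addr_spec


def classify(raw: bytes) -> str:
    """Say whether the sending infrastructure was authorized for the From: domain."""
    v = parse_auth_results(raw)
    if v["dmarc"] == "pass":
        # Authorized sender. This does NOT vouch for the content: an abused
        # account on a legitimate mailing platform lands here too.
        return "authenticated"
    if v["spf"] == "pass" or v["dkim"] == "pass":
        return "partially-authenticated"
    return "unauthenticated"


if __name__ == "__main__":
    for label, raw in (("authorized platform", AUTHORIZED_RAW), ("spoofed", SPOOFED_RAW)):
        print(f"{label}: from={sender_address(raw)} {parse_auth_results(raw)} -> {classify(raw)}")
```

Both samples show the same From: address, and only the authentication verdicts separate them. An "authenticated" verdict answers the narrower question (was the sending infrastructure authorized for the domain?) and not the one that matters to recipients (is the content trustworthy?). When everything passes and the message is still hostile, the investigation moves to who had access to the platform, which is why reviewing mailing-list access is the first step in the list above.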