Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=240158977
Members of the Stanford community were emailed a warning of an "apparent breach" Wednesday night by Randy Livingston, VP for business affairs and chief financial officer for the university. Users of the Stanford network should change their passwords "as a precautionary measure," he wrote.
"We do not yet know the scope of the intrusion, but we are working closely with information security consultants and law enforcement to determine its source and impact," Livingston continued. "We are not aware at this time of any protected health information, personal financial information or Social Security numbers being compromised, and Stanford does not conduct classified research."
Like many prominent institutions, Stanford "repels millions of attempted attacks on its information systems each day," Livingston wrote. As The New York Times recently reported, universities are reporting a rising incidence of cyberattacks. Many of the attacks are thought to be from China. "Preliminary indications are that the breach at Stanford bears many similarities to these incidents," Livingston wrote. He promised to provide updates to users as more information becomes available.
Stanford communications office spokesman Brad Hayward said Thursday that he had no update on the status of the investigation but warned against speculation about the incident.
One incident that could be related: a Pastebin data dump of a database of names, email addresses and mailing addresses turned up in May under the headline "Stanford University Hacked By Ag3nt47." While there was nothing particularly sensitive in the published data, it could represent the ability to probe other databases connected to Stanford University websites. On Twitter, the owner of the same account, a self-described "retired American hacker," recently posted a warning to Princeton University of SQL injection vulnerabilities on its website, suggesting an interest in university security.
SQL injection is a type of Web application vulnerability in which attacker-supplied input is passed to the underlying database as part of a command, so the application can be made to run queries the attacker chooses and display their results.