Disclosures:
Our Reviews

WizCase includes reviews written by our experts. They evaluate the products/services in accordance with their professional standards.

Ownership

Kape Technologies PLC, the parent company of Wizcase, owns CyberGhost, ZenMate, Private Internet Access, and Intego, which may be reviewed on this website.

Referral fees

Wizcase may earn an affiliate commission when a purchase is made using our links. However, this has no influence on the content of the reviews we publish or on the products/services reviewed. Our content may include direct links to buy products that are part of affiliate programs.

Reviews standards

All reviews published on Wizcase meet our strict reviewing standards, in order to ensure that each review is based on the reviewer's independent, honest, and professional examination of the product/service. Such standards require the reviewer to consider the technical qualities and characteristics of the product alongside its commercial value for users, which may affect the product's ranking on the website.

Data Breach: Student Data Compromised in Leak Involving Libyan Ministry of Education

Last Updated by Cyber Research Team on June 16, 2021

WizCase has recently found an open Elasticsearch database from the Libyan Ministry of Education. The server contained 2GB of data with PIIs, including full names, passport numbers, photos, email addresses, and more from more than 55,000 exchange students from around the world.

What’s Going On?

The WizCase web security team, led by Avishai Efrat, discovered a 2GB data leak originating from the Libyan Ministry of Education. The server, which is hosted in Germany and uses an Elasticsearch engine, contained personal details for over 55,000 exchange students from around the world.

The Libyan Ministry of Education has a program that assists students in finding suitable exchange programs. It’s these students whose data was compromised in the data leak.

The leaked data included:

  • Full Name
  • Email address
  • Passport and ID numbers
  • Date of Birth
  • Photos
  • Degrees
  • Country of Origin
  • Destination Country
  • Marital Status
  • Phone Number
  • Thesis Details
  • Transfer approval decision
  • Start and end dates of the educational programs
  • Tuition Costs
  • Scanned copies of formal letters directed at the students
  • Student Information (student number, user status, start & end dates, etc.)
  • Employer

Screenshot of a data breach in The Libyan Ministry of Education showing students private information data

Whose Data is Available and What Are the Consequences of Such a Leak?

The students who took part in this program weren’t necessarily going to university in Libya. The Ministry of Education in Libya supports college and university scholarships around the world. The students that were found in this link are presumably part of this program.

The data that we found is connected with students from all over the world. You can see in the list below some of the major countries that were connected with the leak. Based on the data, the students are either originally from these countries or it’s the location of their transfer.

  1. UK
  2. Egypt
  3. Turkey
  4. USA
  5. Canada
  6. France
  7. South Africa
  8. Australia

By not securing their Elasticsearch database the Libyan Ministry of Education has opened the students up potentially severe online attacks, not to mention the complete lack of privacy.

Some of the documents that we found included whether a student was accepted or rejected from the program, Letters in Arabic that contained full PIIs of the students, letters that didn’t include any PIIs but discussed the current status of extending or rejecting a Ph.D., tuition costs, and more.

Students who are in the database are susceptible to a variety of both online and real-life attacks. These include, but are not limited to:

  • Identity Theft: All the data a scammer or a hacker would need to commit identity theft, such as a passport number, was easily accessible in this leak. One possible scam would be for a hacker to use the student’s name and make a grant request. The grant money would then be routed to the scammer instead of the student.
  • Phishing: A scammer could have enough information with the passport number, student ID number, level of education, or whether they were accepted in the program to write a convincing phishing email. This can be used in an attempt to get additional valuable information out of them. This will increase the chances of the victims to follow phishing links in the attacker’s email.
  • Catfishing: Once the hacker gets access to all this private data, it would be easy to create a fake identity on a social network and try and gain the trust of others, while posing as a friend or acquaintance.
  • Phone Call Scams: Student phone numbers were available in the leak. This gives scammers an easy opportunity to combine that with all the other leaked data and attempt to extort or trick the student into providing sensitive data.

How Did This Happen and What to Do Now?

The website that the Libyan Ministry of Education uses for its student portal had an unsecured Elasticsearch database storing all of the information. By default, Elasticsearch doesn’t automatically activate password authentication when it is installed, and no one at the Ministry of Education adjusted the default settings.

Servers of this sort should also never be exposed like this, with no IP whitelisting and authentication mechanism – they’re originally built to be kept within internal network perimeters. Furthermore, the logging of cleartext private information such as what was in this leak should be reconsidered.

If you’re a student who participated or is participating in this program you should be on the lookout for emails with suspicious links or phone calls asking for account information or other private details. You should also be vigilant in checking your online accounts for any suspicious or unusual activity.

As a general rule, it’s always recommended to use a reputable antivirus program and a VPN to protect your private data, and keep malware, phishing attacks, and other cyber-attacks from successfully attacking your computer. If you’re not sure a VPN is, or how it can help you, check out this VPN beginner’s guide for more details.

Who is WizCase and Why Should We Trust You

WizCase is a leading web security website that is available in 30 languages and reaches millions of readers per year. We have verified this data by randomly email addresses that we found and matching them up with social media accounts or other public resources. The names and details that we were able to see have all matched up.

Libya’s Ministry of Education didn’t respond to our inquiry, and so we contacted Libya’s Computer Emergency Response Team (CERT) which failed to reply as well. The hosting company was also contacted and answered that it can only update the customer and not mitigate the issue. Finally, we have been in touch with Africa’s CERT which has reported the leak to the Libyan CERT directly, which in turn has contacted Libya’s Ministry of Education. We received an update on December 2nd from AfricaCERT that the leak is closed, and after testing the database we can confirm that it has been secured.

Did you enjoy this article? Share it!
I hated it I don't really like it It was ok Pretty good! Loved it!
4.70 Voted by 5 Users
Title
Comment
Thanks for your feedback
Cyber Research Team
The WizCase Cybersecurity Research Team aims to investigate and uncover the latest threats on the internet. The global research team uses ethical hacking methods to shine a light on data breaches, privacy leaks, and security flaws within online communities and organizations.