ShadowByt3s compromised the Ellucian PowerCampus platform via misconfigured Amazon S3 buckets and Azure blobs managed by Neoskool, exposing data from more than eight schools in Manipur and Meghalaya. Stolen records include student photos, Aadhaar numbers, plaintext passwords, medical alerts, timetables, staff PII, and financial/academic files, while the actor claims write/delete cloud access and is extorting Ellucian. #ShadowByt3s #EllucianPowerCampus
Keypoints
- ShadowByt3s exploited misconfigured S3 buckets and Azure blobs operated by Neoskool to breach Ellucian PowerCampus.
- Data from 8+ schools (Nursery to Class 12) in Manipur and Meghalaya was exposed, including student ID photos and Aadhaar numbers.
- Compromised records include plaintext passwords, medical alerts (e.g., “MUMPS.jpeg”), fee/payment and financial aid details, marksheets, and staff contact lists.
- AWS canary files and manifests show the attacker has write and delete access, enabling potential data modification or destruction.
- The group is extorting Ellucian, recruiting insiders with a 30/70 revenue split, and has published samples on a dedicated leak site.
DarkWebInformer.com Providing intel from some of the darkest places on the Dark Web & Clearnet. Breaches, Darknet Markets, Ransomware, Threat Alerts, & more!