A hacker claimed responsibility for a major security breach at the University of Pennsylvania, exposing data on 1.2 million donors and internal systems. The attacker accessed sensitive information and used Salesforce Marketing Cloud to send offensive emails, highlighting significant security vulnerabilities. #PennDataBreach #SalesforceHacked
Keypoints
- The hacker gained full access to multiple university systems including PennKey SSO, VPN, Salesforce, and SharePoint.
- Approximately 1.2 million individualsβ personal and demographic data were exfiltrated during the attack.
- The breach was executed by exploiting security lapses, with the attacker claiming the intrusion was straightforward.
- The attackers used the compromised Salesforce Marketing Cloud account to send offensive emails to around 700,000 recipients.
- University donors are advised to be vigilant against phishing and social engineering scams related to the breach.