Team GhostShell: Back with a bang and after your data

The group has re-emerged from the shadows with a reported stream of hacks and data thefts in the past 24 hours.


Team GhostShell, well-known for a string of high-profile hacks in the past, has taken itself off hiatus and returned with hacks and database pillaging.

The hacking group claims to have hacked a long list of websites in the past 24 hours. Taking to Twitter, Team GhostShell posted links to a number of Korean and Japanese websites, educational portals, university websites and travel websites which the team claims to have broken into.

The named websites and services do not appear to follow a particular trend or pattern -- and so they may simply have been hacked because they can be.

The University of Southern California, Princeton UCHV, the University of Delhi and the University of Maryland are among those which allegedly suffered a data breach.

Team GhostShell's link lists include a number of database information dumps. When inspected, a number of the text files -- hosted on websites including hastebin -- include database and server details.

However, some of the files appear to have leaked sensitive information including names, email addresses, physical addresses, Skype names, phone numbers and other personally identifiable data.

As noted by Symantec researchers, some of the data dumps appear to show passwords which are salted and hashed, whereas others are just hashed -- or stored in plain text. Unfortunately, the infamous "123456" password is present.

Just to make sure the group was noticed, Team GhostShell also taunted cybersecurity forensics firm FireEye and the company's research team:


The last update was 15 hours ago. However, it is not known if Team GhostShell plans to continue the alleged hacking spree.

Team GhostShell was extremely active in 2012. The hacktivist group leaked hundreds of thousands of records from top universities, and also took on entities such as NASA, the Pentagon, and a variety of government agencies and political groups.

Several years ago the group used SQL injections to compromise databases and steal records. However, it is currently unknown whether this latest stream of hacks is thanks to the same method.

ZDNet has reached out to organizations and institutes apparently involved and will update if we hear back.
