TU Eindhoven hackers had access to log-in details of employee, student: report
The hack at Eindhoven University of Technology (TU/e) earlier this month was possible because the cyber attackers had the login details of at least one employee and one student, insiders told the Volkskrant. With that data, they could log into the university’s Windows domain via various accounts. The university quickly noticed and took its network offline during the early hours of Sunday, January 12.
According to the newspaper’s sources, the login details used for the TU/e hack were later found in criminal data, such as the log data of known information stealers. Information stealers are a type of malware that searches victims’ computers for passwords, cookies, emails, financial information, and the like. They basically steal a victim’s digital identity.
The exact circumstances of the hack are still being investigated, in collaboration with the cybersecurity company Fox-IT. It is not yet known whether the attackers had criminal intentions or whether they were looking for scientific data or other intellectual property.
The systems at TU/e have been working again since Sunday, January 19, and education resumed on Monday. The university would not comment to the newspaper. “We will announce our insights when the investigations are completed and do not want to get ahead of that,” a spokesperson said.
TU/e shared information about the hack with other educational institutions, prompting at least Radboud University Nijmegen to take accelerated measures to secure logins with additional authentication.
The hack at TU/e is similar to a cyberattack at the University of Amsterdam (UvA) and the Amsterdam University of Applied Sciences (HvA) in February 2021. In that attack, the attackers also used stolen login details to get access to the educational institutions’ network. Unlike in Eindhoven, the hack went unnoticed for a long time, a report from the Institute for Safety and Crisis Management later revealed. The hackers compromised 62 systems, equipping many of them with a backdoor, and took over 10 management accounts.
