Threat Management

GhostShell targets personal data at top-rated colleges

Team GhostShell, an Anonymous-related hacktivist collective, is at it again, this time targeting the top-rated universities domestically and internationally.

The group claims it hacked the servers of a laundry list of prestigious institutions, including Princeton, Harvard and Johns Hopkins universities, exposing, at the minimum, the email addresses, passwords, IDs and names of students and faculty.

On Monday, GhostShell posted information from more than 120,000 accounts and records gathered from servers at 100 universities.

Calling the incident part of the “Project West Wind” campaign, group leader “DeadMellox” tweeted about the dump the same day, linking to a document posted on Pastebin.

In late August, GhostShell claimed responsibility for a leak involving one million user accounts, stolen from around 100 websites for government agencies, banks, consulting firms and other institutions. The group also is connected to a breach in May affecting the University of Maine's Orono campus, where the personal data of nearly 4,000 people was compromised after Social Security and credit card numbers were accessed by hackers.

In the Pastebin message, GhostShell said that the recent attacks were launched to bring attention to various grievances the group holds toward the educational systems in the United States, Europe and Asia. The hackers cited growing tuition fees, frequently changing laws and heavily regulated teaching.

Perhaps telling of the vulnerability of the academic landscape, the group said it discovered that many of the targeted college's servers already had been  infected with malware.

A spokesperson from University of Michigan, which had seven servers listed as having been hacked, did not immediately respond on Monday to a request for comment from

A spokesman at New York University, where two servers may have been made accessed by hackers, told on Monday that the school's IT department had been contacted about the matter. A spokesman at Johns Hopkins University also confirmed that IT staff was looking into allegations that five servers were infected. also reached out to the U.S. Department of Education for comment, which has yet to respond.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.