Based on the latest dark web monitoring conducted by our researchers in iZOOlogic, we discovered that a hacker under the username of ‘unvisible’ is advertising and selling the database of teachers from Uganda on a popular hacking forum.
These compromised data of the Ugandan teachers came from the TMIS or Teacher Management Information System website (https://tmis[.]go[.]ug/). It was August 15 when the advertisement was first posted on the hacking forum by the threat actor, who sells the database for a price range that starts at $200.
Most of the stolen data are from teachers in Uganda whose data are held by the compromised TMIS website.
We also found that more than 240,000 users of the TMIS website were included in the leak, most of whom were teachers. Upon assessing the threat actors’ advertisements, they mentioned that the offered data would be sent to the buyer through a CVS file format where massive data is compiled.
Furthermore, the stolen data from the TMIS website involves sensitive details of the users from Uganda, including their full names, ages, date of birth, certificate numbers, email addresses, and telephone numbers.
As of writing, the educational organisation that manages the affected TMIS website has not yet released any statement regarding the incident. There are also no other updates regarding the data breach from the hacker, aside from publishing the data on their hacking forum account.
Our researchers in iZOOlogic have already spotted numerous hacking and data breach incidents in the current fast-pacing cybercriminal landscape, not just in Uganda but also from different countries worldwide. Most of the advertised databases are aimed to be sold to other threat actors who would use the obtained sensitive information to perform further attacks on the victims, such as phishing and online fraud.
Given this situation, we eagerly advise organisations to implement strong cybersecurity measures on their websites or online platforms to avoid these kinds of hacker infiltration. While some organisations remain laid back with their security on the web, threat actors will continue to take advantage of it to execute their malicious intents and campaigns.
