Skip to Content

Information Security Office

Princeton Student Hacks Yale Computer System

By Adam Dodge - Posted on August 14th, 2002
Quick Facts
Date: 8/14/2002
Institution: Yale University
Type of Incident: Penetration
Number Affected: 11
Source: INFOSEC Year In ReviewNewsScan
Abstract Source: NewsScan via INFOSEC Year In Review
Abstract
Princeton University has admitted that its admissions personnel hacked into rival Yale's computer system to check on the applications status of 11 students who also had applied to Princeton. The university has suspended with pay its associate dean and director of admissions, and a spokeswoman expressed deep regret "that information provided by students in good faith to the university was used inappropriately by at least one official in our admissions office." The perpetrator(s) apparently were easily able to access the students' records via the publicly available Yale.edu Web site because they already had the students' passwords -- the names, Social Security numbers and dates of birth they had provided on their Princeton applications. The site had been set up with a feature that enabled students to check on the status of their applications themselves. The founder of one electronic-rights group noted that while Princeton's actions clearly were wrong, it was foolish of Yale to rely on Social Security numbers and birth dates to secure student data. "It's not enough to have a weak Web site and depend on the good ethical behavior of others not to penetrate it," he said. "Similarly, it is not dequate to say that just because you found the weak Web site you should go ahead and penetrate it." (Wall Street Journal 26 July2002)
[Abstract taken directly from INFOSEC Year In Review]