What Happened
On June 17, 2020, Cebu Normal University's Learning Management System (lms.cnu.edu.ph) was breached by the hacker group Pinoy Grayhats. The attack occurred on the same day as breaches against Far Eastern University, Tarlac Agricultural University, University of St. La Salle, ICCT Colleges, and AMA University.
Broader Context
CNU was one of over 20 Philippine schools hacked in June 2020 alone. The Pinoy Grayhats group stated they had checked school websites from May to June 2020 and found at least 20 with vulnerabilities. They claimed their goal was to expose security weaknesses and push schools to improve their security posture.
How to Prevent This
- 1.Conduct regular security assessments of LMS platforms — learning management systems are high-value targets that contain student data
- 2.Keep LMS software updated — apply security patches promptly
- 3.Implement strong authentication — require MFA for admin and staff LMS accounts
- 4.Use parameterized queries — prevent SQL injection in custom LMS modules
- 5.Monitor for unauthorized access — enable logging and alerting on LMS admin actions
Sources & References
- [1]Manila Bulletin — FEU calls on students to reset passwords — CNU mentioned as part of broader wave (June 19, 2020)
- [2]Secuna Blog — More than 20 Philippine schools hacked just this June — CNU listed among affected institutions
- [3]GitHub (ajdumanhug/gothacked) — Registry of Philippine school hacking incidents — CNU LMS listed June 17, 2020 by Pinoy Grayhats
CNUCebuLMSPinoy GrayhatsCOVID-19 online learning