Bottom line: An IDOR vulnerability in the Moodle installation allowed guests to access 40,600 user profiles; critical academic data remained protected, and the attacker published the data after failed extortion attempts.
Saarland University confirms a cyberattack on its Moodle instance in April, affecting over 40,000 user profiles. The attacker exploited an IDOR vulnerability and subsequently attempted to extort the university.
Saarland University confirms a cyberattack on its Moodle learning platform that occurred in April. A total of 40,600 user profiles were affected. The attacker’s access was primarily limited to profile pages and the student names stored there. In approximately 1,300 accounts, voluntarily provided additional information such as private email addresses, hobbies, or social media links was also compromised; these individuals have already been contacted by the university.
According to the university, critical data did not fall into the attacker’s hands: access credentials, passwords, exam results, grades, and other performance records remained untouched. For a CISO’s risk assessment, the attack vector is relevant: the attacker, operating under the pseudonym StrikerDE, achieved the compromise through an IDOR vulnerability (Insecure Direct Object Reference) in the backend. Guests had been unexpectedly granted extensive access rights, enabling the attacker to systematically test user IDs.
After the breach, the attacker attempted to pressure the university. The university responded with immediate criminal charges filed with police and notification to the responsible data protection authority. Subsequently, existing security measures were reviewed and improved in several areas. After failed extortion negotiations, StrikerDE published the data in May in a forum on the Tor network and publicly announced having another university in its sights.
Source: www.it-daily.net · Published 7 June 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.