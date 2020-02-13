The Institute of International Education (IIE), an age-old educational organization that manages numerous leading international scholarship and fellowship programs in several countries, has discovered that parts of its database have been left unprotected and open to the public. The vulnerable database was detected by security researcher Bob Diachenko, who found the databases indexed in the public domain on January 29. He then reported the vulnerability to the IIE, but stated that after several attempts he had not received communication from IIE to reach the organization.

Fortunately, IIE patched the open database with access to private data of thousands of students on 6 February. No communication has been made between IIE and Diachenko, who have reported the infringement, about a recognition of the vulnerable database or a verification of the error being patched. News18 had also independently contacted multiple contact points at IIE, but received no reply after 10 days of contact with the organization.

The database that was made public did not contain direct entries of sensitive student documents, but contained links that gave access to such documents that were stored in other parts of the server. The documents in question include passport scans, visa documents, medical forms, financing verification data, student files and more. A full overview of details can be found in the official blog of Diachenko.

The IIE reportedly governs more than 200 educational programs that cover more than 29,000 students each year. Programs supported by the IIE include the Fulbright Scholarship, Cargill Global Scholars, Carnegie Fellows and more elite international education programs primarily in the US.

Diachenko explains the risk that the IIE-open database could have brought, and explains: “The alarming amount of personal and financial information would make it easy for a criminal to open new accounts and lines of credit in the names of victims. Middle-aged students are important goals for identity theft because they often have clean credit reports and decent credit scores. ”

Because the open database was left unprotected, even after several attempts to contact the organization were made, it is possible that the database was attacked by hunters. However, such data breaches cannot yet be confirmed. Questions to IIE regarding the problems remained unanswered in more than a week of attempts to contact the relevant authorities.

Get the best of News18 in your inbox – subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube and stay up to date with what’s happening in the world around you – in real time.

.