Queen Mary University of London is a Russell Group UK Elite Research Uni globally ranked in the Top 100 in USA uni rankings
https://www.usnews.com/education/best-gl...don-503389
As part of an ongoing breach, a list of 120k student and staff internal email addresses was previously released:
https://raidforums.st/Thread-Top-100-University-Student-Staff-emails
The next breach was on their Kaltura media hub.
Kaltura Capture is a video conferencing platform used in the educational sector for video conferencing and recordings. Consider it a video database.
https://corp.kaltura.com/video-collabora...eo-portal/
Explanation of the vulnerability:
The following article on Queen Mary University's platform page provides a description on downloading videos from Kaltura using the Media Entry ID, a unique string that maps to a video in the database. It was written by John Seamons, part of the uni's cybersecurity team.
https://qmplus.qmul.ac.uk/mod/wiki/view.php?pageid=3628
Now the only problem is they left the API to download videos completely open, with no login or API credentials required. You just need the Media Entry ID of any video and you can request streaming links to it and with a bit of Inspect Element tomfoolery, you can manufacture a link to download these DRM protected private videos.
This leaves Queen Mary's entire Kaltura video database completely open as long as you can find the Entry ID to each video.
This actual leak is ~270 gigs of what could actually be hundreds of terabytes exposed if someone spent the time, effort and storage space to scrape all internal pages for these Entry IDs. An 8GB sample is attached for download with the rest available via a magnet link.
The leak contains lectures, private group discussions, project demos, students displaying their IDs, desktops with family photos, essentially a lot of PII, and maybe some guides on how to do stuff internally on the platform.
Just to add, the catbox link in the description is the actual 120k list. No need to buy for credits.
Here is a sample,
The data was obtained from a carelessly exposed API as part of an ongoing breach into the university's systems.
Queen Mary University of London is a Russell Group UK Elite Research Uni globally ranked in the Top 100 in USA uni rankings https://www.usnews.com/education/best-global-universities/queen-mary-university-london-503389
The new leaked list has now been extended to include most staff and students who enrolled since 2020. This is a total of ~120k. You can even search for lecturers/deans and staff and find their private email addresses on the list.
Most undergrads also have degrees of ~3-4 years so a large portion of the list is still active.
Here is the new list of ~120k: https://files.catbox.moe/sk7bw9.txt
Verification:
Simple, by just trying to login to https://mail.qmul.ac.uk
You get a prompt for a password if the user_id@qmul.ac.uk exists, otherwise there is an error message.
You can further try a password reset on the same site to verify if an email is dormant or active.
Note: Staff use more meaningful email aliases for receiving contact which can't be logged in with,
Example: https://www.sems.qmul.ac.uk/staff/yamin.abdouni/
Email(on site): yamin.abdouni@qmul.ac.uk
Email(in list): exw819@qmul.ac.uk (dormant) and exw845@qmul.ac.uk (active)
Sorry, how is it a data breach if it's free and open source??
Queen Mary University of London at Mile End Road, London, United Kingdom, E14NS
Confidential student email IDs and corresponding names have been leaked from this top 100 university. This is part of an ongoing breach at the university where staff have leaked other details which are currently being audited for release. Thank you for your patience.
The uni is ranked as a top global university and mostly uses random IDs to maintain privacy of its students.
https://www.qmul.ac.uk/media/news/2025/queen-mary-news/pr/queen-mary-recognised-as-top-global-university.html
The text file above contains 85k+ leaked student email IDs and names. MX records indicate that all email IDs are still active.
Verification of emails actually existing is quite easy, by just trying to login to https://mail.qmul.ac.uk
You get a prompt for a password if the user_id@qmul.ac.uk exists, otherwise there is an error message.
Proof(screenshots):
https://files.catbox.moe/9pjjwu.png
https://files.catbox.moe/l5ky0i.png
#Hacked #DataBreach #University
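
A defender's view of the username check described in the posts above (a password prompt for an existing ID, an error otherwise), as an added example that is not part of the original thread: it flags sources that look up many user IDs in a short window without submitting a password for them. The log format, outcome names, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (not real data): time, source IP, user ID, outcome.
# "password_prompt"/"unknown_user" are the two answers to the username step;
# "login_ok"/"login_failed" mean a password was actually submitted.
SAMPLE_LOG = """\
2025-01-10T09:00:01 198.51.100.7 testid01 unknown_user
2025-01-10T09:00:03 198.51.100.7 testid02 password_prompt
2025-01-10T09:00:05 198.51.100.7 testid03 password_prompt
2025-01-10T09:00:07 198.51.100.7 testid04 unknown_user
2025-01-10T09:00:09 198.51.100.7 testid05 password_prompt
2025-01-10T09:01:00 192.0.2.50 staff01 password_prompt
2025-01-10T09:01:08 192.0.2.50 staff01 login_ok
2025-01-10T09:01:30 192.0.2.50 staff02 password_prompt
2025-01-10T09:01:41 192.0.2.50 staff02 login_failed
2025-01-10T09:02:10 192.0.2.50 staff03 password_prompt
2025-01-10T09:02:19 192.0.2.50 staff03 login_ok
2025-01-10T09:03:00 192.0.2.50 staff04 password_prompt
2025-01-10T09:03:12 192.0.2.50 staff04 login_ok
"""
USERNAME_STEP = {"password_prompt", "unknown_user"}
PASSWORD_STEP = {"login_ok", "login_failed"}

def parse(log):
    for line in log.strip().splitlines():
        ts, ip, user, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, user, outcome

def find_enumerators(log, window=timedelta(minutes=5), min_users=4, max_ratio=0.25):
    """Return {ip: distinct IDs probed} for sources that look up many user IDs
    inside one window but submit a password for almost none of them."""
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[1]].append(event)
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()  # chronological order per source
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            span = events[start:end + 1]
            probed = {u for _, _, u, o in span if o in USERNAME_STEP}
            tried = {u for _, _, u, o in span if o in PASSWORD_STEP}
            if len(probed) >= min_users and len(tried) <= max_ratio * len(probed):
                flagged[ip] = max(flagged.get(ip, 0), len(probed))
    return flagged
```

The shared address 192.0.2.50 in the sample also touches four IDs but follows each prompt with a password attempt, so it is not flagged; returning the same response for existing and non-existing IDs removes the signal this detection looks for in the first place.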