May 052010

With Facebook’s mishap from today it’s already the second in two days. As reported yesterday, 1,6 million sets of data have been taken out of a big German social network called schülerVZ (schüler=student). schülerVZ belongs to the same company, that also offers studiVZ, a network for University students and meinVZ a network for people not studying.

The fact that this data leaked puts the VZ group into an especially bad light. This is due to the fact that the last leak of personal data took place in last fall. Alarming is the fact that last time data leaked, the management announced that proper changes have been made to prevent further data leaks. Just like last time, the warnings from the hackers were ignored. This time it even seems, as if there was nobody in charge for IT-security. This thought, addressed by, is based on the fact that the group responsible for IT-security was put out of office and that there are job offerings (German) on their website.

Florian Strankowski from the Leuphana-University Luneburg, who created the crawler that gathered the also made clear, that it would have been only a matter of time till he got the data of ALL the students in schülerVZ. Furthermore he stated, that all three social networks work the same and the crawler would have worked for the others as well. The reason he took schülerVZ is, because the private life of young kids being compromised is to be seen extremely critical.

I can only hope that Florian Strankowski was the first who found out about this gab in security and that it will be closed before others use it to do harm. But more likely is the fact, that the personal Data from schülerVZ, meinVZ and studiVZ is already out there.

Please take this as a warning and think twice about putting yourself online in a way that might make you look bad in some way. You might not come to know about it, but looking up potential new employees on Facebook or VZ becomes increasingly common today.

Here you can see the crawler LenaML at work. The name was inspired by “Lena Meyer-Landrut” our star for Oslo (Music Video).

  2 Responses to “1,6 million sets of data drawn from German social network SchülerVZ”

  1. I’m sorry there are many wrong facts in this article. Fist of all schuelervz is not in any way connected to studivz. studivz tried to get the inventors of schuelervz in front of court for copying there idea.

    I’m sure this was a big leak, but if you know how to hack you should be easily able to get into those networks and to get all kinds of datas even though they might be already deleted.

  2. They are not connected, but they use the same software and are operated by the same company:
    VZnet Netzwerke Ltd.
    Saarbrücker Str. 38
    D-10405 Berlin

    just click “site info” (german: Impressum) on any vz page and you will see, that they are run by the same company.
    And Hacking into a system isn’t as easy as you think or could you just hack into it and craws all the data?

    greeting Lennart