On 25 September 2025, a new thread popped up on the darknet forum darkforums.st. The post, published by an actor going by KaruHunters, claims that a database linked to Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU / fau.de) was leaked online. The Kaduu team, while running routine checks on underground forums, spotted the post quickly. If accurate, the leak could expose names, addresses, emails, phone numbers, and even images of students and staff. That’s not just worrying—it’s potentially devastating for privacy and trust. ⚠️

What is FAU / fau.de & Why It Matters

FAU is one of Germany’s largest research universities, spread across Erlangen and Nuremberg. Its main domain, fau.de, connects students, faculty, and staff to digital tools ranging from class portals to administrative services. If attackers managed to pull data directly tied to fau.de, then highly sensitive personal information may already be circulating in underground markets. 🎓

In May 2024, FAU’s leadership openly acknowledged the growing cyber threat, stating: “It is not a question of if, but when” universities face attacks. (fau.de) That warning may now look uncomfortably prescient.

FREE TRIAL

Start Your 7-Day Free Trial and Discover DarknetSearch in Action →

START YOUR FREE TRIAL NOW

The Leak Post & Data Schema

On darkforums.st, KaruHunters published what appears to be the structure of a FAU database. This wasn’t just a vague claim—the post included actual table fields and technical details. 💻

📸 Image of the leak:

What Was Allegedly Exposed

The schema includes:

• Personal details: full names, gender, titles, birthdates, hash password
• Contact info: emails, phone numbers, mobile, fax, usernames, email addresses
• Addresses: street, building, room, city, postal codes, country
• Additional data: company field, website, region, and even profile images (image blob)
• System fields: timestamps, deleted flags, group IDs

Taken together, these fields could paint a complete picture of an individual—far more than what should ever be exposed outside secure systems.

📸 Image of the sample data:

How Could the Leak Have Happened?

Leaks of this scale usually come down to one of a few common scenarios:

REQUEST A QUOTE

Get a tailored pricing proposal based on your organization's needs and risk profile. →

REQUEST YOUR QUOTE NOW

1. Misconfigured databases left exposed to the internet without a firewall.
2. SQL injection attacks against public‑facing sites tied to fau.de.
3. Compromised staff accounts through phishing or stolen credentials.
4. Unsecured backups stored in the wrong place.
5. Third‑party service providers being hacked.
6. Old data resurfacing after being stolen in the past. 🔐

The presence of image data and detailed address records suggests attackers had deep access, pointing to compromised credentials or an unprotected server rather than just scraping public info.

External Reference 🌐

For context, German universities have faced similar issues before. The Kaiserslautern University of Applied Sciences was hit by ransomware in 2023, forcing a major IT shutdown. (The Record) Cases like this show that academic institutions remain high‑value targets for cybercriminals.

Why This Alleged Leak is Serious

If the FAU data leak is genuine, here’s what’s at stake:

• 📧 Phishing attacks: exposed emails make social engineering easier.
• 🪪 Identity theft: with names, birthdates, and addresses, criminals can build convincing fake profiles.
• ⚖️ Legal fallout: under GDPR, FAU would be required to inform both regulators and affected individuals.
• 🏫 Reputation damage: trust in FAU’s digital infrastructure would suffer.
• 🔄 Chain reactions: attackers could pivot from this data to other systems or accounts.

Final Thoughts

The alleged FAU data leak posted on darkforums.st by KaruHunters is still unverified, but the technical details shared make it impossible to ignore. Whether this is a fresh breach or old data resurfacing, the risks to privacy and security are very real. 🚨

To follow developments, explore resources like darknetsearch.com for tracking underground activity. For a broader look at massive database exposures worldwide, see Wired’s coverage of mysterious open databases (wired.com).

Discover much more in our complete guide
Request a demo NOW