On December 19, 2016, it was reported that hacker Cryptolulz666 had hacked the database of the Indian Institute of Technology Kharagpur. Cryptolulz666 accessed user data including emails, passwords, phone numbers, and security questions, and leaked them on pastebin.
The hacker told securityaffairs.co that he had accessed the data of 12,000 users, but had only leaked a small number of them. He said that he exploited an SQL injection vulnerability in the site, and claimed to be attempting to raise awareness on the part of the authorities.
Cryptolulz had recently breached the website of IIT Bombay, as well as the Russian embassy of Armenia and Russian and Italian websites.
Source: securityaffairs.co, December 19, 2016