This is reported by de Volkskrant based on insider sources. The login information of the employee and student was found in criminal data, “such as the log data of known ‘info counters,’” the newspaper writes. That is a form of malware in which criminals steal a victim's identity, such as passwords, emails, and financial information. That data is in turn sold to hackers or other buyers via the dark web. 

TU/e has shared information about the hack with other educational institutions, the newspaper further reports. Partly as a result, Radboud University Nijmegen has taken accelerated measures to secure login with additional authentication. 

It is still unclear how the hackers obtained this data and what their underlying intentions were. It also remains a guess as to what information the hackers were looking for. 

In response, the university spokesman said he did not want to elaborate on the circumstances of the hack. 'We will announce our insights when the investigations are completed and do not want to get ahead of them. Without going into the facts of the cyber attack, it is good to know that we have taken additional measures since the attack and that we continue to invest in strengthening our cyber resilience.'