A report by Digital Citizens Alliance, "Cyber Criminals, College Credentials, and the Dark Web," shows the threats that campus IT leaders face and offers some advice for preventing the kind of security breaches that have become all too common.
Researchers from Digital Citizens Alliance discovered 13,930,176 email addresses ending with the domain ".edu" and their associated passwords for sale on the internet, Shalina Chatlani reports for Education Dive. The email addresses belonged to students, faculty, and staff. The schools with the most stolen credentials came from the Midwest, but the state with the most stolen credentials was California. The report also included evidence that the same credential could be sold more than once, Chatlani writes.
How to make information security conversations with your board more productive
Thieves who steal ".edu" email addresses from the dark web do so because it provides them with anonymity or obtain benefits exclusively available to .edu addresses, Chatlani writes. For example, thieves may use the accounts to purchase items from Amazon at a discounted price. The email addresses can also help thieves find out the owner's other passwords and sensitive information as well, because it is common for people to use the same password for each of their accounts.
The report suggests several steps IT leaders can take to protect their institution's infrastructure:
- Offer trainings on data breaches, including how they happen and how to prevent them;
- Provide the campus community with guidance on password creation, including what makes a strong password and the consequences of a weak password; and
- Help administrators and faculty understand how to spot malicious or fake emails.
(Chatlani, Education Dive, 6/27; Goral, University Business, 7/17).
How to deal with ransomware attacks—before and after clicking
Next in Today's Briefing
MBA programs evolve to survive with more specialized, niche programs