Disclaimer: This news item was originally posted on Wednesday, Jul 6, 2016. Its content may no longer be timely or accurate.

Notifications on Compromised Email Addresses

Posted: 14:59:22, Wednesday, Jul 6, 2016   Expiration: 14:59:22, Wednesday, Sep 7, 2016  

The steps to take if your account was compromised in the recent social media/professional networking hack.

Recently, the UW Office of Cybersecurity notified around 1000 faculty, staff and students whose campus email addresses were compromised when also used as account names with social media and/or professional networking sites, like Myspace, Tumblr and LinkedIn. The email address compromised may be an alias or alternate address that forwards incoming messages to your current, primary email box. While the alias does not have a password on the campus email system, if you ever set the password on external sites like Myspace, Tumblr and LinkedIn to match your NetID password, you must immediately reset your NetID password, per the instructions below. If the password that you used on the external sites was a unique one that was not replicated elsewhere, and if you reset your password when the initial hack of these sites was announced, then this is more of a precaution than a must. If you have any doubt about the password used, MERIT urges you to reset your NetID password now. Team members are happy to assist with the reset process or answer additional questions about this notification.

  

Some tips on selecting and managing passwords: https://it.wisc.edu/guides/select-manage-protect-passwords/


Thank you,

MERIT IT Staff

helpdesk@education.wisc.edu


Instructions from the UW Office of Cybersecurity


The UW Office of Cybersecurity has recently received a confirmed report of compromised email addresses associated with several social media and professional networking sites, including Myspace, Tumblr and LinkedIn. This compromise resulted in the publication of password information for these accounts. The list of accounts included email addresses that contain the "wisc.edu" domain.


How does this affect me?


Your email address ending in "wisc.edu" as indicated below was on the list of compromised account information.


email_address@education.wisc.edu


Your stolen credentials could be used for unauthorized access, and in some cases, illegal activities. If you use the same login credentials for other accounts, such as your bank, credit cards, or utilities, or for remote access to your computing devices, you are at great risk of personal and financial loss. In addition, if you used your UW Madison NetID password with these accounts, this makes the University network vulnerable to attack.

What do I need to do?

Protect yourself and the University network.

  • If the password you used on the impacted site was the same as your UW Madison NetID account password you MUST change your NetID password immediately. To do that, login to the UW Madison NetID page and follow the online instructions.

  • Passwords selected must:

    • be a minimum of eight (8) characters in length

    • be memorized; if a password is written down, it must be stored in a secure place

    • contain at least one (1) character from three (3) of the following categories:

      • Uppercase letter (A-Z)

      • Lowercase letter (a-z)

      • Digit (0-9)

      • Special character (~`!@#$%^&*()+=_-{}[]|:;"'?/<>,.)

    • be private

  • Passwords selected must not:

    • contain a common proper name, login ID, email address, initials, first, middle or last name

    • have been used in the last year or last three passwords, whichever is greater.

For more information on how to protect your personal identity and the resources of the University, see the UW Office of Cybersecurity website.

If you have any questions or concerns, please contact the Office of Cybersecurity at cybersecurity@cio.wisc.edu.


-- School of Education: Jason Erdmann

Created: 00:02:49, Wednesday, Jul 6, 2016 (by Jason E.)
Updated: 10:41:37, Wednesday, Jul 13, 2016 (by Jason E.)