Compromised Credentials Resources

This document describes common ways credentials can be compromised. It also lists resources that campus offers to help prevent loss of credentials and to help in case of account compromise.

Common ways accounts are compromised


For more details on how to identify and report phishing, see: Scams To Avoid: Protecting Your Online Identity

Password Reuse

Third-party services are occasionally compromised, and usernames and passwords are often left exposed as a result. If you use the same or a similar password for multiple services, an attacker who obtains it may be able to access more than one of your accounts.

For example, in 2018, Chegg, a textbook rental company, suffered a data breach that resulted in over 40 million stolen usernames and passwords. In fall 2019, many higher education institutions were forced to reset passwords after discovering that attackers were gaining access to accounts where the Chegg username and password matched institution credentials. For more information, see: Chegg to reset passwords for 40 million users after April 2018 hack.

Password managers can make using strong, unique passwords easier.

UW-Madison offers LastPass as an enterprise password management service. For details, see: LastPass articles in the KB.

LastPass can also help monitor for password breaches and can help to identify phishing pages using URL matching. For details, see: LastPass - What Cyberattacks Does LastPass Help Protect Me From? and Dark Web Monitoring.


Some malware may be able to steal your password information. To help protect your device, the campus offers the options below.

For anti-malware solutions for campus or personally owned devices, see: [Link for document 101730 is unavailable at this time]

Protect yourself! Enable Duo Multi-Factor Authentication

Duo Multi-Factor Authentication helps prevent your account from being accessed and your data from being stolen if an attacker has obtained your password. If you believe you received a fraudulent Duo push, please mark it as fraud and consider changing your password. For more information, see: MFA-Duo Overview.

Need help?

Please contact the DoIT Help Desk with any additional questions: Get Help from DoIT.

Keywords: compromise netid csoc cybersecurity resources educational phishing video malware password credential dump dumping harvesting phish
Doc ID: 107115
Owner: Bridget B.
Group: Cybersecurity Operations Center
Created: 2020-11-11 14:04:28
Updated: 2023-05-30 16:13:45
Sites: Cybersecurity Operations Center, DoIT Help Desk, Office of Cybersecurity