Report: Millions of college emails breached by 3rd-party hackers

Report: Millions of college emails breached by 3rd-party hackers

A new report shows more and more college email addresses are being compromised by hackers. The study done by cyber security company ID Agent shows the University of Wisconsin-Madison is a big target, but university officials are not certain the results are accurate.

“The numbers don’t match,” said Bob Turner, chief information security officer at UW-Madison.

According to the report, millions of emails ending in .edu have been breached across the nation. The study suggests more than 65,000 UW emails ending in were found on the Dark Web in the last year. It’s not clear from the report how many accounts were truly hacked. Some of those emails were stolen, but others are simply fake addresses.

“I could probably tell you without a doubt we haven’t had that many within the last year. I know of roughly 1,200 or so that we’ve had,” Turner said.

It’s a hack UW-Madison has seen before and keeps a close eye on, but reassures people with those credentials should not panic.

“We have a good education program that’s out there and we are really trying to make sure our users, which is our staff, students, researchers and administrators, that they all have a really good understanding of how not to get caught up in that,” Turner said.

Adam Benson, deputy executive director at Digital Citizen Alliance, said the report was not meant to fault any university’s cyber security.

“I really don’t want to put any universities on the defensive. They do a lot of great things. A lot of great work,” Benson said.

He said they’re merely sharing that this is happening, and for those with college emails to stay alert.

“At a world-class institution like Wisconsin, there are going to be people who want that .edu,” Benson said.

It’s because hackers want to then access personal information and what’s shared through the university system. Benson said it’s also an elite domain to possess, and makes someone seem more credible. In that sense, a hacker could reach out to someone with that .edu email and ask for information they may not receive with a regular domain.

Turner said he understands the concerns and agrees that information needs to be protected.

“I think everyday we have the opportunity for someone to try to steal large volumes of information. We’re protecting against that as best as we can,” Turner said.

Benson said it’s also up to those with the education credentials to protect their own privacy. That can be done by changing passwords frequently to get into email servers. He said there’s a website called I Have Been Pwned, that can tell if an email has been compromised.

“This is your property, this is your information. You have to really be aware of what’s there,” Benson said.

Turner said if there ever is a large security breach on campus, they will send an alert that everyone should change their password.