Stanford University hacked, becomes latest data breach victim

Filed Under: Data loss, Featured, Privacy

Yet more passwords need changing, as America's prestigious Stanford University joins the long line of recent data breach victims.

Although specific details remain scarce, an announcement from the university authorities urges all users, which may include staff and alumni as well as current students, to ensure their details are checked and updated ASAP.

The alert was emailed to all users yesterday, and a banner alert posted on the account system main page.

Stanford message

As a precautionary measure in the wake of an apparent breach in its information technology infrastructure, Stanford University is asking all SUNet ID holders to update their passwords...

Research by TechCrunch shows several similar hacks at Stanford and other universities in recent months, with the hacker thought to be behind them also claiming responsibility for the latest breach.

However, the data revealed by the hacker, known as Ag3nt47 (presumably in homage to the Hitman game franchise character), appears to be publicly available information, casting doubt on the claim.

Stanford logoStanford bosses claim to be "not aware at this time" of any sensitive data that could have been harvested during the breach, and suggest it bears similarities to other "incidents reported in recent months by a range of companies and large organizations".

Whether this implies a direct technical connection to previous university attacks or previous attacks by Ag3nt47, or is simply a reference to the ongoing spate of high-profile breaches, is unclear.

There have been growing worries of late in the US university community following an apparent steep upturn in cyber attacks. With many seeming to originate from China there are, of course, suspicions that precious research data is being targeted.

However, most data stolen seems to be the usual suspects of personal information for identity theft, and of course username/password combos which might give access to more valuable accounts elsewhere.

University networks tend to be much harder to secure than corporate systems, given the diverse range of devices and user types requiring connectivity to a wide selection of services. This makes their data relatively low-hanging fruit.

As always, everyone at risk is urged to update their password at the first opportunity, with the standard reminders to ensure you choose a strong password, don't recycle passwords across sites, and use a password manager if necessary.

, ,

You might like

3 Responses to Stanford University hacked, becomes latest data breach victim

  1. Mike · 760 days ago

    As is usual, a search of Stanford's IT website indicates they don't have any IT staff dedicated to information security. My guess is that will change in a few months......

  2. Mike Angelinovich · 662 days ago

    Changing Passwords and making them as strong as possible is useless against today's malware carrying Trojan exploits that steal Login credentials as you type them in.

  3. Alexander Barbe · 650 days ago

    Update from a Stanford student (a Junior):
    In the wake of the breach over the summer, at the start of the academic year, the University began to roll out Two-Factor Authentication, using Google Authenticator, printed codes, or SMS-based systems (ordered by apparent preference). It became mandatory for staff in September (if not before), and for students in mid-October.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.