The nearly 6,000 myUK accounts were being sold over the dark web until authorities intervened and deactivated the accounts affected to prevent further data stealing
Jukebox 27 Sep 2019 1
University IT officials have revealed information that close to 6,000 personal myUK accounts were placed up for sale on the dark web on Tuesday.
The accounts, belonging to faculty members, staff, and students used for scheduling classes, emails and general academic purposes were discovered online, put up for sale on the darknet.
Officials say they promptly deactivated the accounts when it came to their attention to prevent the data thieves and possible buyers from accessing or manipulating user data, as shared by IT Services Director of Data Privacy and Privacy, Michael Sheron. He added that the details of the accounts were not harvested from the UK.
The Cybersecurity, Data Privacy and Policy team is in charge of monitoring and assessing data to identify and mitigate the thousands of cybersecuritythreats in universities in the UK.
This follows closely the data breachChegg.com suffered in 2018. The website, which offers book rental services to students suffered a breach which affected about 40 million customers and led the company to reset all their user passwords to prevent further data theft. Their database included information from users of other academic services offered by the site. The site said they believe the data thieves took email addresses, usernames and passwords but insist no financialdata was compromised.
Information suggests that another third-party website also used by students, faculty, and staff nationwide was also threatened, with the data bandits making away with thousands of UK accounts. Users who tried to access the website discovered the news after being led to another UK IT website which shared that their accounts may have been compromised by the recent Chegg.com breach.
Users who lost data to the breach and had their passwords reset were prompted to log in to their accounts to confirm their financial and course enrollment data was not manipulated, on directions shared with the College of Communications.