Security News > 2022 > May > Compromised academic credentials available on cybercriminal platforms

A new report from the FBI raises warnings about a credential theft threat targeting academic partners of identified US colleges and universities.

These credential stuffing attacks are particularly concerning, because once an attacker is in possession of one login credential, he might run tools like OpenBullet to automatically check if they are valid for dozens or hundreds of other websites.

As people tend to use the same password on websites, it is frequent that once an attacker owns valid credentials for one mailbox system, they might be able to access other mailboxes or online services.

In May 2022, Yale reported an increase in COVID-19 phishing attempts toward higher education institutions, aiming once again for university credentials.

The FBI has observed incidents of stolen higher education credentials posted on publicly accessible cybercriminal forums or marketplaces.

In January 2022, Russian cybercriminal forums offered network credentials and virtual private network access to a multitude of identified American universities and colleges.

News URL

https://www.techrepublic.com/article/compromised-academic-credentials-available/