MAASTRICHT. Passwords for hundreds of UM e-mail addresses have possibly found their way out into the open. This was discovered through www.gotcha.pw, a search engine with leaked passwords. A hacker, going by the name of d0gberry, posted these online last week.
In the search engine, users can search by e-mail address or domain name. The search term ‘@maastrichtuniversity.nl’, the domain of employee addresses, produces hundreds of results. Students (@student.maastrichtuniversity.nl) appear to have been affected less often: a total of 378 student passwords have been leaked. It is not clear whether those concerned are still using these old passwords or whether these have been changed in the meantime. One of the passwords related to an external account belonging to vice president of the Executive Board Nick Bos.
“It is not that the UM has been hacked,” says ICT director Jacques Beursgens. “The data has been collected from a series of previous hacks of websites such as LinkedIn, Dropbox and Pinterest. So, it concerns employees and students who use their university e-mail addresses as login names for these sites. Their work or study documents are only accessible to hackers if they used the same passwords there as they do with their UM accounts.”
According to Beursgens, you can do a number of things to protect your accounts properly: “The best thing is not to use your university e-mail address as a user name elsewhere. If you do so anyhow, for example because you want to link your LinkedIn account to your work address, then never use your UM password. It is important that you use a different password for every website and change these regularly. It may seem like a lot of work, but there are useful tools that can do this for you.”
The university is about to launch an awareness campaign to encourage employees and students to change their passwords regularly. Users will receive notifications when they lock their screens, says Beursgens.