Have you been ‘pwned’?
Posted on: 20 September 2017
By: wolfeg
This month our Information and IT Security Officer, Graeme Wolfe, looks at recent security breaches, lists of potentially hacked accounts and what it means to be ‘pwned’.
You may not have heard that a collection of over 700 million email addresses was recently found online, posted on a web server with an obscure URL, supposedly to prevent accidental detection.
You may, however, have heard of some of the recent high-profile data breaches at Equifax, Ashley Madison, Adobe, LinkedIn, Dropbox, Yahoo, TalkTalk, AA, Target, TK Maxx… I could go on and on – which is where many of the email addresses and other sensitive data were originally harvested from.
When the University’s security team ‘CSIRT’ (Computer Security Incident Response Team) found out about this, we decided to investigate and see if there were any instances of @Westminster or @my.Westminster email addresses in this list. Unfortunately, we found many thousands of our email addresses listed, so we decided to act on your behalf.
Many of you will have recently received an email from Csirt@westminster.ac.uk, advising you that your Westminster account had been linked to a high-profile data breach and that you should change the password not only on the breached account, but also on your Westminster account, especially if you use the same password across multiple accounts.
After any security or data breach, you should take the following action:
- When you are made aware of a breach, change your passwords straight away
- Consider using a password manager to generate and store unique passwords for each online account
- Never use the same password on different accounts
- Never reuse your Westminster login details for other external services
You can check to see if your own personal email accounts, as well as your Westminster ones, have been breached on https://haveibeenpwned.com/. ‘Pwned’ is a widely used slang term (with origins in online gaming) meaning to conquer, appropriate or gain ownership of.
Just enter an email address and it will tell you if it has been ‘pwned’ and where the information may have been taken from. If you have been ‘pwned’, you should be on your guard for any spam / phishing / malware emails directed at you and you should follow the actions above. If you haven’t already been a target for scammers, then any security expert will tell you it’s only a matter of time.
Graeme Wolfe
Information and IT Security Officer
15/09/2017