Stanford U Tells Users To Change Passwords after Hack Attack

Stanford University is working with law enforcement and security consultants to investigate a data breach in its IT infrastructure that appears to have divulged user names and possibly other information. As a precaution, the California institution has asked all users of the university network to change their passwords.

The news was made public in an email sent by Randy Livingston, vice president for business affairs and chief financial officer, to the Stanford community. Livingston suggested that the attack was similar to the ones reported in recent months by a number of large organizations, although he didn't specify which security breaches he was referring to. "We are unable to provide additional detail at this time, given the ongoing nature of the investigation and the importance of limiting any damage from the incursion," he stated.

Besides the email, Stanford is reminding users to change their passwords through a boxed notice on every page of its public Web site.

  A notification on every page of Stanford's Web site warns users to change their password.
A notification on every page of Stanford's Web site warns users to change their password.
 

In recent months, data breaches have taken place at the Federal Reserve, Facebook, Associated Press, Evernote, Twitter, and many other sizable holders of consumer and business data.

Coverage by Seth Fitzgerald on Newsfactor.com suggests that the comparison of the Stanford breach to other well publicized "politically-based" hacking incidents was ill-placed. "Stanford does not conduct classified research, making it an odd target," he wrote.

One set of twitter feeds on the topic of the Stanford hack pointed to an individual named "Ag3nt47" as being a possible culprit. In May 2013, according to security expert Greg Hoglund, this individual had posted a "data dump" onto Pastebin.com consisting of names, email addresses, physical addresses, and other information culled from the accounts of Stanford users affiliated with the Institute for Computational and Mathematical Engineering.

In his reporting, Fitzgerald also suggested that the hack could have originated in China, "in which young nationalists feel that attacking virtually any United States government organization or university is a sign of Chinese patriotism."

In 2012 Stanford experienced three known data breaches. The latest was in October, when 53 universities around the world were hit by a group called Team GhostShell, which made student, staff, and faculty personal data, including user names and passwords, public.

The university's latest recommendation to its users is to create a new password that adheres to these rules:

  • It has to be different from the current password;
  • It must be between eight and 40 characters in length, though IT would prefer it to be at least nine characters long;
  • It shouldn't include any part of the student ID number;
  • It shouldn't be a word found in the dictionary;
  • It can only be composed of characters in the Roman alphabet or symbols on the U.S. keyboard;
  • It should be as long and as random as possible, but not so hard to remember that it needs to be written down;
  • Phrases made up of random words are acceptable as long as they're at least 15 characters long.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • widescreen computer monitor displaying an AI-powered search engine interface with a search bar and futuristic icons

    Google, Microsoft Expand AI-Driven Search Capabilities

    Recent announcements from Google and Microsoft highlight a slough of AI capabilities for their search tools.

  • glowing shield with a lock symbol at its center, surrounded by stylized outlines of books, a graduation cap, and a laptop

    Why the Education Sector Needs to Get Better at Cyber Hygiene

    Despite the wealth of publicly available information about cyber attacks and the tactics used by malicious actors, many institutions appear unprepared to protect their students, faculty, and endowments from cyber threats.

  • illustration of a futuristic building labeled "AI & Innovation," featuring circuit board patterns and an AI brain motif, surrounded by geometric trees and a simplified sky

    Cal Poly Pomona Launches AI and Innovation Center

    In an effort to advance AI innovation, foster community engagement, and prepare students for careers in STEM fields and business, California State Polytechnic University, Pomona has teamed up with AI, cloud, and advisory services provider Avanade to launch a new Avanade AI & Innovation Center.

  • glowing brain, connected circuits, and abstract representations of a book and graduation cap on a light gray gradient background

    Snowflake Launches Program to Upskill 100,000 People in Data and AI

    Cloud data platform Snowflake is embarking on an effort to train and certify more than 100,000 users on its AI Data Cloud by 2027. The One Million Minds + One Platform program will provide Snowflake-delivered courses, training materials, and free access to Snowflake software, at no cost to learners.