Stanford U Tells Users To Change Passwords after Hack Attack

Stanford University is working with law enforcement and security consultants to investigate a data breach in its IT infrastructure that appears to have divulged user names and possibly other information. As a precaution, the California institution has asked all users of the university network to change their passwords.

The news was made public in an email sent by Randy Livingston, vice president for business affairs and chief financial officer, to the Stanford community. Livingston suggested that the attack was similar to the ones reported in recent months by a number of large organizations, although he didn't specify which security breaches he was referring to. "We are unable to provide additional detail at this time, given the ongoing nature of the investigation and the importance of limiting any damage from the incursion," he stated.

Besides the email, Stanford is reminding users to change their passwords through a boxed notice on every page of its public Web site.

  A notification on every page of Stanford's Web site warns users to change their password.
A notification on every page of Stanford's Web site warns users to change their password.
 

In recent months, data breaches have taken place at the Federal Reserve, Facebook, Associated Press, Evernote, Twitter, and many other sizable holders of consumer and business data.

Coverage by Seth Fitzgerald on Newsfactor.com suggests that the comparison of the Stanford breach to other well publicized "politically-based" hacking incidents was ill-placed. "Stanford does not conduct classified research, making it an odd target," he wrote.

One set of twitter feeds on the topic of the Stanford hack pointed to an individual named "Ag3nt47" as being a possible culprit. In May 2013, according to security expert Greg Hoglund, this individual had posted a "data dump" onto Pastebin.com consisting of names, email addresses, physical addresses, and other information culled from the accounts of Stanford users affiliated with the Institute for Computational and Mathematical Engineering.

In his reporting, Fitzgerald also suggested that the hack could have originated in China, "in which young nationalists feel that attacking virtually any United States government organization or university is a sign of Chinese patriotism."

In 2012 Stanford experienced three known data breaches. The latest was in October, when 53 universities around the world were hit by a group called Team GhostShell, which made student, staff, and faculty personal data, including user names and passwords, public.

The university's latest recommendation to its users is to create a new password that adheres to these rules:

  • It has to be different from the current password;
  • It must be between eight and 40 characters in length, though IT would prefer it to be at least nine characters long;
  • It shouldn't include any part of the student ID number;
  • It shouldn't be a word found in the dictionary;
  • It can only be composed of characters in the Roman alphabet or symbols on the U.S. keyboard;
  • It should be as long and as random as possible, but not so hard to remember that it needs to be written down;
  • Phrases made up of random words are acceptable as long as they're at least 15 characters long.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • person signing a bill at a desk with a faint glow around the document. A tablet and laptop are subtly visible in the background, with soft colors and minimal digital elements

    California Governor Signs AI Content Safeguards into Law

    California Governor Gavin Newsom has officially signed off on a series of landmark artificial intelligence bills, signaling the state’s latest efforts to regulate the burgeoning technology, particularly in response to the misuse of sexually explicit deepfakes. The legislation is aimed at mitigating the risks posed by AI-generated content, as concerns grow over the technology's potential to manipulate images, videos, and voices in ways that could cause significant harm.

  • abstract image of fragmented, floating geometric shapes with holographic lock icons and encrypted code, set against a dark, glitchy background with intersecting circuits and swirling light trails

    Education Sector a Top Target for Mobile Malware Attacks

    Mobile and IoT/OT cyber threats continue to grow in number and complexity, becoming more targeted and sophisticated, according to a new report from Zscaler.

  • An abstract depiction of a virtual reality science class featuring two silhouetted figures wearing VR headsets

    University of Nevada Las Vegas to Build VR Learning Hub for STEM Courses

    A new immersive learning center at the University of Nevada, Las Vegas is tapping into the power of virtual reality to support STEM engagement and student success. The institution has partnered with Dreamscape Learn on the initiative, which will incorporate the company's interactive VR platform into introductory STEM courses.

  • Campus Technology Product Award

    Call for Entries: 2024 Campus Technology Product Awards

    The entry period for the 2024 Campus Technology Product Awards is now open.