Report: University E-Mail Accounts Listed on Dark Web

Image Credit: Digital Citizens Alliance.

If you are currently using or previously used an .edu e-mail address, your account name, password and other personal information may be listed online for cyber criminals to buy. 

That analysis comes from Digital Citizens Alliance (DCA), a nonprofit coalition that has been investigating the dark corners of the internet for the last eight years. DCA recently published a report surfacing evidence that cyber criminals are selling tens of thousands of higher ed e-mail accounts on the “Dark Web,” which is a highly decentralized digital space in which the sale and purchase of goods, services and information is unregulated and often illegal. Cyber criminals can sell or buy illicit, usually stolen goods, like weapons, drugs, malware, movies, music and this case e-mail information, in the Dark Web.

DCA, along with researchers at ID Agent, GroupSense and Terbium Labs, looked at the availability of credentials (i.e. e-mail accounts and passwords) for the largest 300 higher education institutions (HEIs) in the United States during the eight-year period. In the most recent scan, March 2, researchers uncovered nearly 14 million e-mail addresses and passwords belonging to faculty members, students and alumni available on the Dark Web. Of these, 79 percent (nearly 11 million) were discovered in the last 12 months.

While a library, computer lab or other academic setting might seem like the first places hackers would attack, researchers instead found that many of the credentials “are the result of one or more breaches in non-academic settings where .edu credential-holders used .edu user names, or the credentials could have been fraudulently created in the first place,” according to the report. 

To help understand why hackers go after academic communities, the DAC report cites expertise and work by the notorious hacker nicknamed “Dead-Mellox,” who leads Team GhostShell, the "hacktivist" organization that once publicly dumped data for tens of thousands of educational and governmental institutions online. Dead-Mellox, later revealed as 25-year-old Razvan Eugen Gheorghe who lives in Bucharest, Romania, offered the following insights to digital citizens:

  • E-mail accounts with .edu domains are vulnerable to breaches in general;
  • Higher ed institutions tend to have more data than leading commercial businesses or governmental entities; and
  • Their assets, including intellectual property and research, offer bigger prizes for hackers.

The report also examines HEIs with the most credentials listed on the Dark Web. For the No. 1 spot, the University of Michigan-Ann Arbor had 122,556 credentials, followed by Pennsylvania State University (119,350), University of Minnesota-Twin Cities (117,604), Michigan State University (115,973), Ohio State University (114,032) and the University of Illinois (99,375). For currently active e-mail accounts,  Massachusetts Institute of Technology tops the list, followed by Baylor University, Cornell University, Carnegie Mellon and Virginia Tech. Ranked by state, California had the largest number of credentials available, followed by New York, Michigan, Texas and Pennsylvania.

View the full report here.

About the Author

Sri Ravipati is Web producer for THE Journal and Campus Technology. She can be reached at [email protected].

Featured

  • central cloud platform connected to various AI icons—including a brain, robot, and network nodes

    Linux Foundation to Host Protocol for AI Agent Interoperability

    The Linux Foundation has announced it will host the Agent2Agent (A2A) protocol project, an open standard originally developed by Google to support secure communication and interoperability among AI agents.

  • cloud connected to a quantum processor with digital circuit lines and quantum symbols

    Columbia Engineering Researchers Develop Cloud-Style Virtualization for Quantum Computing

    Columbia Engineering's HyperQ system introduces cloud-style virtualization to quantum computing, allowing multiple users to run programs simultaneously on a single machine. Learn how it works, why it matters, and highlights from other recent quantum breakthroughs from leading institutions and vendors.

  •  laptop on a clean desk with digital padlock icon on the screen

    Study: Data Privacy a Top Concern as Orgs Scale Up AI Agents

    As organizations race to integrate AI agents into their cloud operations and business workflows, they face a crucial reality: while enthusiasm is high, major adoption barriers remain, according to a new Cloudera report. Chief among them is the challenge of safeguarding sensitive data.

  • stylized illustration of a desktop, laptop, tablet, and smartphone all displaying an orange AI icon

    Report: AI Shifting from Cloud to PCs

    AI is shifting from the cloud to PCs, offering enhanced productivity, security, and ROI. Key players like Intel, Microsoft (Copilot+ PCs), and Google (Gemini Nano) are driving this on-device AI trend, shaping a crucial hybrid future for IT.