FBI: Academic Credentials for Sale on the Darkweb
A Private Industry Notification (PIN) from the Federal Bureau of Investigation (FBI) warns that investigators have identified compromised US academic credentials on forums, including at least one on the darkweb.Summary
“The FBI is informing academic partners of identified US college and university credentials advertised for sale on online criminal marketplaces and publically accessible forums. This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.”
Compromised US Academic Credentials Identified Across Various Public and Dark Web Forums
“Cyber actors continue to conduct attacks against US colleges and universities, leading to the exposure of user information on public and cyber criminal forums. Credential harvesting against an organization is often a byproduct of spear-phishing, ransomware, or other cyber intrusion tactics. For example, in 2017, cyber criminals targeted universities to hack .edu accounts by cloning university login pages and embedding a credential harvester link in phishing emails. Successfully harvested credentials were then sent to the cyber criminals in an automated email from their servers. Such tactics have continued to prevail and ramped up with COVID-themed phishing attacks to steal university login credentials, according to security researchers from a US-based company in December 2021.”
“The FBI has observed incidents of stolen higher education credential information posted on publically accessible online forums or listed for sale on criminal marketplaces. The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services. If attackers are successful in compromising a victim account, they may attempt to drain the account of stored value, leverage or re-sell credit card numbers and other personally identifiable information, submit fraudulent transactions, exploit for other criminal activity against the account holder, or use for subsequent attacks against affiliated organizations.”
[em]Compromised US Academic Credentials Identified Across Various Public and Dark Web Forums[/em] pdf
I heard captain hoods graduated from MIT…
Haha, you’re fucking kidding me… “Captain Hoods?”
The main problem with .edu student credentials is you have to contact someone to change the password. Student's cannot change them via the portal. Student credentials are fairly worthless, Most are public and have been raped when it comes to free student services from third parties.
Captain Hoods does not approve of this message… no doxxing, it’s so trashy
Those credentials give access to email, file shares, network drives, etc that have unpublished research data, unpatented inventions, future research plans, in many cases private health information of patients in research trials, all on top of access to a lot of services, knowledge, and software you'd otherwise have to pay a lot to access. Maybe they don't realize there are people doing more important things than undergraduate arts degrees at universities?
^ Enjoying our weekend I see. lol u simp cucks really get triggered so easily without your dn safe spaces
^ guess I'll just have to bill uncle sam, again, to have those affected, change said credentials, oh noooooos! because patching a zero day exploit in-real-time isn't a thing in 2022, cuck big brain time folks
> As of early 2022, the site containing the credentials was no longer accessible. Reading is hard.