FBI: Academic Credentials for Sale on the Darkweb

An alert from the FBI warns that compromised US academic credentials are being sold on the darkweb.

A Private Industry Notification (PIN) from the Federal Bureau of Investigation (FBI) warns that investigators have identified compromised US academic credentials on forums, including at least one on the darkweb.


“The FBI is informing academic partners of identified US college and university credentials advertised for sale on online criminal marketplaces and publically accessible forums. This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.”

A picture of Compromised US Academic Credentials Identified Across Various Public and Dark Web Forums

Compromised US Academic Credentials Identified Across Various Public and Dark Web Forums


“Cyber actors continue to conduct attacks against US colleges and universities, leading to the exposure of user information on public and cyber criminal forums. Credential harvesting against an organization is often a byproduct of spear-phishing, ransomware, or other cyber intrusion tactics. For example, in 2017, cyber criminals targeted universities to hack .edu accounts by cloning university login pages and embedding a credential harvester link in phishing emails. Successfully harvested credentials were then sent to the cyber criminals in an automated email from their servers. Such tactics have continued to prevail and ramped up with COVID-themed phishing attacks to steal university login credentials, according to security researchers from a US-based company in December 2021.”

“The FBI has observed incidents of stolen higher education credential information posted on publically accessible online forums or listed for sale on criminal marketplaces. The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services. If attackers are successful in compromising a victim account, they may attempt to drain the account of stored value, leverage or re-sell credit card numbers and other personally identifiable information, submit fraudulent transactions, exploit for other criminal activity against the account holder, or use for subsequent attacks against affiliated organizations.”


  • As of January 2022, Russian cyber criminal forums offered for sale or posted for public access the network credentials and virtual private network accesses to a multitude of identified US-based universities and colleges across the country, some of which included screenshots as proof of access. Sites posting credentials for sale typically listed prices varying from a few to multiple thousands of US dollars.
  • In May 2021, over 36,000 email and password combinations (some of which may have been duplicates) for email accounts ending in .edu were identified on a publically available instant messaging platform. The group posting the compromised data appeared to be involved in the trafficking of stolen login credentials and other cyber criminal activities.
  • In late 2020, US territory-based university account usernames and passwords with the domain .edu were found for sale on the dark web. The seller listed approximately 2,000 unique usernames with accompanying passwords and asked for donations be made to an identified bitcoin wallet. As of early 2022, the site containing the credentials was no longer accessible.

It surprises me that something as mundane as compromised academic credentials meets the threshold for a PIN.

Compromised US Academic Credentials Identified Across Various Public and Dark Web Forums pdf

Do you really want to comment here? not rules
462fa070 Fri, May 27, 2022

It surprises me that something as mundane as compromised academic credentials meets the threshold for a PIN.

My lord the douchness, go outside, DNL.

c3f3a7c0 Fri, May 27, 2022

Those credentials give access to email, file shares, network drives, etc that have unpublished research data, unpatented inventions, future research plans, in many cases private health information of patients in research trials, all on top of access to a lot of services, knowledge, and software you’d otherwise have to pay a lot to access. Maybe they don’t realize there are people doing more important things than undergraduate arts degrees at universities?

8de18ef0 Fri, May 27, 2022

^ Enjoying our weekend I see.

lol u simp cucks really get triggered so easily without your dn safe spaces

224fe910 Fri, May 27, 2022

^ guess I’ll just have to bill uncle sam, again, to have those affected, change said credentials, oh noooooos! because patching a zero day exploit in-real-time isn’t a thing in 2022, cuck

big brain time folks

97828120 Fri, May 27, 2022

As of early 2022, the site containing the credentials was no longer accessible.

Reading is hard.

a7130730 Sat, May 28, 2022

I heard captain hoods graduated from MIT…

11f38480 Sat, May 28, 2022

Haha, you’re fucking kidding me… “Captain Hoods?”

3f0a6a90 Sat, May 28, 2022

The main problem with .edu student credentials is you have to contact someone to change the password. Student’s cannot change them via the portal.
Student credentials are fairly worthless, Most are public and have been raped when it comes to free student services from third parties.

27a55f60 Sat, May 28, 2022

some passwords above contain a small letter and a big letter a number and special character. seems insufficient for protection against hackers

ee498b10 Sat, May 28, 2022

Captain Hoods does not approve of this message… no doxxing, it’s so trashy

b1fcd550 Thu, Jun 2, 2022

2FA for the win! mando password changes

its all peer-reviewed which u can all torrent if u all super curious, or you know, contribute to society, cucks

try harder incels


92aa9900 Sat, May 28, 2022

who selling it?

53bf5bf0 Sat, May 28, 2022

ET should probably phone home dude… 3

15988bb0 Sat, May 28, 2022

I’m so bored here drug dealers are so static

e66f2d70 Sat, May 28, 2022

DNL… let’s cook…

3fb5e5e0 Thu, Jun 2, 2022

wtf happened to sanwells. fuck.

New comments are disabled after ten days in an attempt to limit spam.