LinkedIn Data Breach
I am usually hesitant to distribute warnings such as this, but am making an exception in this case. Computer and Information Systems (CIS) gathers information from many sources about security or credential compromises for SPU account holders. A recent disclosure about a massive credential compromise of the LinkedIn network and the possible number of SPU account holders at risk is very alarming and warrants your attention.
LinkedIn Network Data Breach
We have recently learned that more than 167 million LinkedIn account names and passwords have been dumped on the hacker/pirate underground. More than 2,000 of those LinkedIn accounts have SPU email addresses (username@spu.edu) as the LinkedIn usernames. Some of the compromised credentials may be old (possibly from a year or two ago), but the risk is still significant.
This message is ONLY being distributed to the 2,000+ SPU account holders that have been found in the LinkedIn data breach.
CIS has frequently warned against using SPU passwords for access to non-SPU systems and resources (Facebook, banks, other social networking sites, etc.) because if those systems are compromised, then SPU resources are also at risk. In the past 90 days CIS has seen a huge increase in the number of SPU email accounts that have been compromised and used to send spam and malicious software (such as ransomware). While we don't believe the recent LinkedIn compromise is solely responsible for the spike in SPU compromised accounts, it could have led to the increase.
What Should You Do?
There are two parts to my recommendations:
- Did you use your SPU password on ANY other NON-SPU system (web service, social network, or application) that also includes your SPU email address as the account name? If yes -- PLEASE CHANGE YOUR SPU PASSWORD NOW. See detailed instructions below for updating your SPU password.
- If you have not changed your LinkedIn password during the past year, please do so. While the data breach of their network took place a few years ago, the massive number of compromised credentials only recently flooded the hacker underground.
This might also be a good time to update your passwords across other online accounts -- especially if you frequently re-used the same password.
You also might want to consider password manager software tools, such as LastPass, KeePass, 1Password, etc. Here's an article on Password Managers.
How to Change Your SPU Account Password
- Go to Banner: www.spu.edu/banweb
- Select Personal Menu
- Choose Computer Accounts Menu
- Select Change Your Password
- Select the appropriate account (generally your SPU Username)
- Hit Submit and fill in the fields to reset your password
Creating a complex and easy-to-remember password is essential. Here are some suggestions: Password Best Practices.
After you change your password in Banner you should wait about 10 minutes for the password change to propagate across all SPU systems. Then begin updating your SPU password on any and all devices that might store and use that password automatically (different computers, different web browsers, your mobile phone, iPads and tablets, etc.).
If you mistype your new password, or forget about a device that is automatically storing your SPU credential, it's possible that your account could be locked out (5 wrong passwords will lock your account for 30 minutes). You will need to wait the 30 minutes, then log in again.
If you have any trouble please let us know! We're here to help.