IT Security Alert: Exposure of Passwords Worldwide Could Affect You!

Padlock representing IT Security

Alert! IT security experts recently discovered that billions of usernames and passwords from sites such as Netflix, LinkedIn and others have been publicly posted on a hacking site. If you reuse passwords across multiple services, such as Guilford email and social media, your Guilford account is at risk even if not directly exposed.

What Happened?

In this particular hack, called the “COMB Breach”, hackers combined login credentials (usernames and passwords) from many prior data breaches. Hackers then exposed the information by “dumping” it on a website publicly available to other hackers.

How to Protect Yourself

Reset your passwords:
Due to the serious risk of compromise, ITS recommends you reset passwords for all of your accounts, starting with email. Learn how to reset your Guilford account passwords here.

Don’t reuse passwords across multiple sites:
Follow the advice of security experts and use a unique password for each account. While it may seem like trouble to keep track of multiple passwords, this prevents a compromise of one account from affecting all accounts. Make the effort to remember multiple passwords to avoid the trouble of dealing with multiple compromises!

Be vigilant about suspicious messages or activity:
If you notice unsual activity with your Guilford accounts (such as emails disappearing or security alerts), contact ITS@guilford.edu. Be wary of suspcious or unusal messages even if they appear to be from someone you know. That person’s account may be compromised. Before responding to messages that seem unusal, call the person to verify the message is legitimate.

Do not respond to or engage with suspected hackers or spammers:
Hackers who send messages asking for personal information may be trying to verify that an account is active. If you receive a suspicious message to your Guilford account, forward it to its@guilford.edu or simply delete it. Don’t put yourself at risk by responding or clicking on links in the message.

Learn More

The website https://haveibeenpwned.com/ provides a place to enter an email address and check if that address has been part of a data breach. If you have many email addresses, this can help you priortize which passwords to reset first. Keep in mind, though, that this website is not aware of every breach that has ever happened. Also, even if your an account was not directly exposed, it is at risk if it shares a password with an exposed account.

To learn more about the COMB Breach see the article Over 3 billion emails and passwords hacked in possibly the largest breach ever .