430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Are you searching for stolen US University email credentials? Search on the Dark Web

According to a new research published by the nonprofit DCA, millions of stolen US University email credentials are available for sale on the Dark Web. According to a new research published by the nonprofit Digital Citizens Alliance (DCA) that searched the Dark Web for credentials from the top 300 US universities, millions of stolen email […]

Are you searching for stolen US University email credentials? Search on the Dark Web

According to a new research published by the nonprofit DCA, millions of stolen US University email credentials are available for sale on the Dark Web.

According to a new research published by the nonprofit Digital Citizens Alliance (DCA) that searched the Dark Web for credentials from the top 300 US universities, millions of stolen email credentials are available for sale.

Stolen email credentials from the largest US universities are a precious commodity in the dark web, crooks are offering them for a price ranging from $3.50 to $10 apiece.

The researchers, supported by a research firm ID Agent, found 13,930,176 credentials from those big schools, mostly from the University of Michigan (122,556), Penn State (119,350), University of Minnesota (117,604), Michigan State (115,973), and Ohio State (114,032).

DCA university credentials dark web

The MIT is the institute with the highest ratio of stolen and spoofed email addresses to number of enrolled and staff, 2.81:1, followed by Carnegie Mellon University, 2.4:1, and the Cornell University, 2.39:1.

“I’ve been scraping the Dark Web since 2009. There were 2.2 million .edu [emails] there back in 2015, 2.8 million in 2016, and now almost 14 million a year later. That’s a significant spike,” explained Brian Dunn, managing partner at ID Agent.

According to the researchers, the huge amount of stolen records was obtained through third-party website breaches, and during 2016 the number of data breaches was very high.

“There have been significant third-party breaches in 2016,” said Dunn. ID Agent observed a 547% increase in all types of stolen credentials offered for sale in the Dark Web over the past three years.

According to the DCA, the report only analyzed credentials belonging to the major US universities, this means that there is the possibility that in the dark net sellers are offering credentials for other smaller universities.

“[The] .edu [domain] is a generally valuable email domain just like .gov and .mil,” Dunn concluded.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Digital Citizens Alliance, DDoS)