Reminder to use unique passwords

Data breaches have become common with increased sophistication and volume of cyberattacks, and could affect you!

Credential dumps (login and password combinations) are sold on hacker forums all the time. Malicious hackers use stolen credentials to "pivot" to other accounts that may be using the same email/password combination to gain unauthorised access to systems and data.

Cit0Day was a website that was launched by hackers in 2018 to sell usernames, email addresses, and text passwords accessed from various data breaches. It was closed by the FBI on 14 September 2020.

What happened

A database from the Cit0Day website containing more than 13 billion user accounts - an aggregation of previous breaches across more than one hundred services - was made accessible on a hacker forum. Contained in this database were approximately 800 accounts using @adelaide.edu.au as the login name. About half of these belonged to users who have active accounts at the University.

These users were contacted on Friday 20 November and advised that they must change their University of Adelaide password as a precaution.

 General Advice

• Always use a unique password for each web service, so that one breach does not lead to the compromise of other accounts and services
• Use a password manager to generate random passwords so that you don't need to memorise each one
• Avoid using your University (@adelaide.edu.au) email for subscribing to a non-work-related services such as social media
• Visit Have I Been Pwned? and click Notify Me to register your email address to be notified of breaches of both personal and University accounts

Contact the Service Desk if you suspect any unusual activities relating to your University account