"U.S. Academic Credentials Displayed in Public and Dark Web Forums"

The cyber division of the Federal Bureau of Investigation (FBI) has recently warned universities and colleges located in the U.S. that higher education credentials have been advertised for sale on online criminal marketplaces and publically accessible sites.  As of January 2022, Russian cyber-criminal forums offered access to credentials from several universities and colleges across the country, with prices ranging from a few to multiple thousands of dollars.  In May 2021, over 36,000 email and password combinations (some of which may have been duplicates) for email accounts ending in .edu were found on a publicly available instant messaging platform.  The FBI warned that the exposure of such sensitive credential and network access information could lead to cyberattacks against individual users or affiliated organizations, particularly in the case of privileged user accounts.  The FBI explained that credential harvesting against organizations is often caused by spear-phishing, ransomware, or other cyber intrusion tactics.  To mitigate these threats, the FBI called for colleges, universities, and all academic entities to establish and maintain strong relationships with the FBI Field Office in their region.  Moreover, the FBI also recommended that academic entities keep all systems and software up-to-date, implement user training programs and phishing exercises for students and faculty members, and implement strong password hygiene measures.

Infosecurity reports: "U.S. Academic Credentials Displayed in Public and Dark Web Forums"