Today, Digital Citizens Alliance published a report that focuses on how exposed Universities and Colleges' populations are on the dark web. Specifically, they looked at the levels of compromised credentials associated with .edu’s on the dark web. ID agent provided data to support the report.
The Digital Citizens Alliance’s Deputy Executive Director Adam Benson said the Washington, DC nonprofit wanted to demonstrate the scale of the problem and the complexity facing large organizations trying to protect e-mail users. “Higher Education Institutions have deployed resources and talent to make university communities safer, but highly-skilled and diabolical cyber criminals make it a challenge to protect large groups of highly-desirable digital targets,” Benson said. “We shared this information from cybersecurity researchers to create more awareness of just what kinds of things threat actors are capable of doing with an .edu account.”
While every industry is dealing with credential exposures from both internal threats and 3rd party website breaches, Higher Education Institutions (HEI’s) have a unique challenge because of the multiple populations they serve. Depending on the security policies, a HEI has populations of Students, Faculty, Staff and Alumni. In addition to the layers of population, they have new populations (freshman students) every year at levels most organizations or government agencies don’t face.
The charts in this report focus on showing the total number of stolen credentials and percentage of exposures of the 300 largest university and college communities found within the Dark Web.
We want to extend an olive branch to HEI’s and are happy to share some of the data we found. If your university or college is not on the list, we can still run a courtesy search for you.
Research included e-mail domains that matched ID Agent’s search parameters. We are certain that some e-mails are from e-mail domains not managed by the HEI. Fake e-mails designed to resemble a school’s actual e-mail also pose threats to those inside the HEI community and the public. Also, ID Agent does not confirm that account passwords are valid, i.e. provided access to the e-mail account. Attempting to gain unauthorized access to a privileged account or network is illegal.
Dark Web ID Team