Ball State has more than 36,000 stolen or fake emails listed on the dark web, according to a new study.
It’s the 69th most common email domain on the dark web, according to the Digital Citizens Alliance’s 2017 study, out of 300 schools on the list. And when taking Ball State's size into account, it's 22nd. In total, more than 13 million higher education emails are floating around the dark web. Indiana University ranked 12th and Purdue University came in 11th.
“The dangers vary with this,” said Matthew Solomon, sales director at ID Agent, which partnered with Digital Citizens Alliance for the study. “For a faculty member doing confidential research, it potentially could be a back door into their research. With students … their password could get exposed … and [hackers] could do fraudulent activity there.”
Through this, hackers can get financial information from the bursar, bring malware onto the university’s server and even access student’s personal data, Solomon said.
For faculty, the dangers could be even greater. Criminals can take their information to file fraudulent income tax returns, which causes all sorts of problems for them.
This occurred at Ball State, and many other universities, in 2015. At least 140 Ball State employees were victims of identity theft and income tax fraud.
This isn’t just an issue with universities, but universities have a unique challenge to keep email addresses secure because of the high amounts of people using the domain, Solomon said. .edu emails are also especially popular because buyers can use them to get discounts normally reserved for students and faculty for software or Amazon Prime memberships, according to the study.
But it isn’t the university’s fault the emails get breeched. If students and faculty use .edu emails on a third party site, that can contribute to their information getting stolen.
Universities have more data than commercial businesses or government entities, but don’t have as much resources to protect its property and users, according to the study.
“Protecting the missions of teaching, learning and community service takes precedence over protecting online credentials,” the study says.
Because of this, students should be careful to avoid phishing scams and to change their password frequently. Ball State warns students to avoid clicking links from unknown senders, even if it comes from a Ball State account.
In 2016, a former U.S. State Department employee was sentenced to nearly five years in prison for hacking into college women's emails and threatening to expose their sexually explicit photos. He did it by sending phishing emails to women, including some at Ball State.
RELATED: Former U.S. State Department employee sentenced for hacking college email accounts
“Any email asking for confidential information such as your Ball State password, bank account information, or your Social Security number should be deleted,” the Officer of Information Security Services cautioned students online. “Never respond to emails asking for confidential information.”
Ball State tells students to delete any emails asking them to validate their username and password because the emails are not legitimate.
RELATED: Ball State Information Security Operations teaches students importance of cyber security
When it comes to passwords, if someone uses the same or a similar password on their .edu account as they do on Amazon or other websites, then a hacker can easily get into both accounts. Almost 90 percent of people between the ages of 18-30 reuse passwords, according to the study.
One researcher told the Digital Citizens Alliance “the college password is not just a key, it is the keychain.”
This is why students should change their password often and not use the same one for multiple websites, Solomon said.
It’s a lot to ask of students to do, he said, but it does make a difference.
To see if your email has been breeched, enter it at haveibeenpwned.com.
Read More
Top-seeded Cardinals’ postseason run ends with upset loss to Lindenwood
By Adam Altobella / 7 hours agoNo. 10 Ball State was upset by No. 18 Lindenwood in a five-set battle (25-20, 21-25, 25-23, 19-25, 11-15) on the Cardinals’ home court Thursday night. With how scarce at-large bids to the NCAA men’s volleyball tournament are, it is likely that the red and white’s 2024 campaign is over.
Retired high school teacher holds presentation about history of Berlin Wall
By Emma Matlock / 13 hours agoTom Schwartz, a retired Bluffton High School Teacher, talks about the art on the Berlin Wall on April 15, 2024.
Fatal accident along McGalliard Road and Tillotson Avenue
By Staff Reports / 14 hours agoA police chase that began in neighboring Henry County the morning of April 18 ended in Muncie at the McGalliard Road and Tillotson Avenue intersection, according to a press release from the Muncie Police Department (MPD).
