Usernames, email addresses and password hashes have been compromised
On Tuesday, EDUCAUSE – a nonprofit association whose mission is to advance higher education by promoting the intelligent use of IT – published an advisory urging users to immediately change their passwords because hackers had breached one of the organization’s servers.According to EDUCAUSE, the cybercriminals might have gained access to information such as names, titles, email addresses, usernames and hashed passwords.
On the other hand, the breach might have also compromised the hashed passwords of .edu domain holders. This is why administrators are also advised to change the domain passwords.
EDUCAUSE has notified all affected members. In the meantime, the association has deactivated all passwords.
Fortunately, InCommon users are not affected. Another piece of good news is that there’s no evidence to suggest that sensitive personal or financial information has been accessed by the hackers.
Federal law enforcement, investigators and security experts have been called in and additional security measures are being implemented to prevent future incidents.