Research carried out by RepKnight, a cybersecurity firm, has found over 600,000 email addresses on the dark web associated with either Cambridge or Oxford universities.
Of the 600,000 email addresses, around 400,000 belong to the Cambridge University domain.
University students’ credentials have always been a hot market on the dark web and this case only adds to the count.
Earlier last year, a report from Digital Citizens Alliance found up to 14 million email addresses associated with 300 U.S. universities posted for sale on the dark web.
Emails obtained from educational institutions pose a significant threat to cybersecurity as they can be used to launch widespread phishing scams or data breaches on the compromised institutions.
The Research Findings
According to RepKnight’s report, the research was carried out based on a list of domains of every college, faculty and administrative department in the associated universities. The researchers used RepKnight’s dark web monitoring tool, BreachAlert.
The research found that more than half of Oxford's exposed credentials were associated with particular colleges, while 97 percent of those from Cambridge were from faculty or departments.
A further analysis on 24 leading U.K. universities led to the discovery of nearly 5 million exposed credentials.
Educational institutions collect personal information that is very valuable, making them viable targets for cybercriminals. These institutions are also hard to secure, as access to information is made easier for the students.
Credentials obtained from these institutions are very credible, thus raising little or no suspicion when used. As a result, this information can be easily used to carry out identity thefts and acquire incentives that are usually accorded to students.
Can Data Breaches in the Education Sector Be Prevented?
According to a report published by Gemalto, a digital security firm, there were 918 data breaches in the first half of 2017 that resulted in 1.9 billion compromised data records.
Of these, outsider breaches accounted for 74 percent, while insider breaches accounted for only 8 percent.
Identity thefts accounted for 74 percent of all the data breaches. The education sector witnessed a 103 percent increase in breaches and a 4,000 percent increase in compromised records.
This trend is worrying and poses a huge threat to cybersecurity considering what the exposed information can be used to accomplish. It also indicates that cybercriminals are well aware of the weaknesses in the security of education sector systems and are willing to exploit them.
These institutions must take preventive measures that include:
- The login systems should be set to allow or deny access to login attempts based on more than the password and login details.
- The system should use details of location, time and device being used to make the login attempts to decide whether to allow or deny access.
- The use of these details can easily help spot suspicious login attempts and result in the appropriate responses.
Students are also prone to password sharing, and this may contribute to insider breach attempts. To prevent this:
- The system should be set to prevent concurrent logins, meaning a student should be restricted to a single session at any particular time. This helps in preventing logins from an attacker at the same time a genuine student is logged in. In case of a breach, the students can be held accountable by checking their login histories.
- The other way is by limiting the access students’ credentials can have. Students should only be allowed access to certain levels of the network, meaning they have limited access to sensitive information. This can help in securing the network as the institutions have more control.
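The login checks listed above (location, time and device context, plus the single-session rule and login history) can be sketched as follows. This is an added example, not code from RepKnight, Gemalto or any university system; the profile fields, the "challenge" response and the anomaly thresholds are assumptions, and all sample data is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

@dataclass
class Profile:
    """Constructed per-student baseline of what a normal login looks like."""
    known_devices: set
    usual_countries: set
    usual_hours: range                    # local hours normally seen
    active_device: Optional[str] = None   # set while a session is open
    history: list = field(default_factory=list)

@dataclass
class Attempt:
    password_ok: bool
    device_id: str
    country: str
    when: datetime

def evaluate(attempt: Attempt, profile: Profile):
    """Return (decision, reasons); every attempt is recorded in the history."""
    reasons = []
    if not attempt.password_ok:
        decision, reasons = "deny", ["bad password"]
    elif profile.active_device is not None:
        # Single-session rule: refuse any login while a session is open.
        decision, reasons = "deny", ["concurrent session"]
    else:
        if attempt.device_id not in profile.known_devices:
            reasons.append("new device")
        if attempt.country not in profile.usual_countries:
            reasons.append("unusual location")
        if attempt.when.hour not in profile.usual_hours:
            reasons.append("unusual time")
        # Assumed thresholds: one anomaly -> extra verification, more -> deny.
        decision = "allow" if not reasons else "challenge" if len(reasons) == 1 else "deny"
        if decision == "allow":
            profile.active_device = attempt.device_id
    profile.history.append((attempt.when.isoformat(), attempt.device_id, attempt.country, decision))
    return decision, reasons

def logout(profile: Profile) -> None:
    profile.active_device = None

def demo():
    """Run constructed attempts against a constructed profile."""
    p = Profile({"laptop-1"}, {"GB"}, range(7, 23))
    normal = Attempt(True, "laptop-1", "GB", datetime(2018, 3, 1, 10, 0))
    shared = Attempt(True, "phone-9", "GB", datetime(2018, 3, 1, 10, 5))
    odd = Attempt(True, "pc-x", "ZZ", datetime(2018, 3, 2, 3, 0))
    results = [evaluate(normal, p), evaluate(shared, p)]
    logout(p)
    results += [evaluate(shared, p), evaluate(odd, p)]
    return results, p.history
```

A correct password is necessary but never sufficient here: the second attempt is refused only because a session is already open, and the recorded history is what lets an institution review who logged in, from where and when.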
Additionally, educational institutions should have the appropriate software and tools to carry out network traffic monitoring that will help in detection of malicious activities and stop them before they run out of control.
Personal errors also contribute immensely to data breaches and as such, all involved parties must take extra care in ensuring they do not disclose sensitive information either knowingly or unknowingly.
The dark web will always provide marketplaces through which cybercriminals can sell and buy credentials. It is therefore everyone’s business to ensure their credentials are not up for sale.