The recent publication of more than two billion electronic files included thousands of Indiana University usernames and passwords.
Information in the file dump came from hacks of companies such as LinkedIn, Myspace, and Dropbox. Individuals used their university email addresses to register for one these websites that was hacked.
Scans of the files by IU’s cybersecurity team found 2,600 sets of credentials associated with the university.
Chief of Staff of the Office of the Vice President of IT and CIO Daniel Calarco says a majority of the credentials belonged to individuals who are no longer IU students or employees.
“Most of our users did the right thing,” Calarco says. “They were responsible in their computing and they weren’t reusing passwords on sites which is something that we advise them to do.”
The security team found 10 accounts active and had their passwords scrambled.
Calarco says he does not believe there was any fraudulent access to sensitive information. He says other measures such as two-step logins and two-year password resets helped to keep university information safe.