Information on how accounts are compromised and what to do if you think your account has been compromised.
A compromised EU account is one accessed by a person not authorized to use the account. Criminals and hackers target EU users to gain:
- Access to the EU network, processing power, and/or storage they can use to commit crimes.
- Access to EU academic resources like the library and journal subscriptions.
- Information about you to steal your identity, commit fraud, and use your reputation to target your contacts for phishing and fraud.
When accounts are compromised, valuable computing resources and sensitive institutional and personal data are put at risk. Even accounts with limited or no access to institutional data and nothing private or of value in email or personal files are valuable to hackers.
How Accounts are Compromised
- Phishing. Emails that ask you to verify, validate, or upgrade your account by logging in to a webpage or providing your password are most likely phishing scams. EU will NEVER send email asking you to confirm your identity or provide confidential, personal information.
- Password Stolen on Another Site. Reusing your EU password on other sites, especially those where your EU email is your username, puts EU resources at risk. If your account on those sites is compromised, your EU account can be easily accessed.
- Password Sharing. If you shared your password with a friend, significant other, or family member, they might not have been as careful with it as you are.
- Malware. Use of an untrusted computer or a computer infected with a computer virus, running a keyboard logger, or subject to other malicious system compromises. Viruses are malicious programs. The term computer virus typically refers to programs that replicate and spread, although some use it to refer to any malware—adware, spyware, ransomware, and so on—that can damage your computer or compromise your account. To protect your devices from viruses: Install and run antivirus and anti-malware software.
- Unsecured network. If you log in to an EU website while on an unprotected Wi-Fi network, your account information could be stolen. Use secure networks, such as your cellular carrier network, EU-Net Wireless, or wired connections.
- Weak password. A short, simple password can be vulnerable to guessing or brute-force techniques.
Check to see if you have an account that has been compromised in a data breach
Have I been pwned is a website that allows internet users to check if their personal data has been compromised by data breaches. The site was created by security expert Troy Hunt and has been widely touted as a valuable resource for internet users wishing to protect their own security and privacy. If your address shows up on this list it doesn't necessarily mean that your account has been compromised but you should change your password. This is just one tool and therefore if your account doesn't show up on this site it doesn't mean that it hasn't been compromised. The site may be accessed at https://haveibeenpwned.com.
What to Do if Your Account is Compromised
Change your EU password
- If you suspect your EU account has been compromised or stolen:
- Change your EU password. See Password Management for links to reset your EU password. Do NOT set it back to something you have used previously.
- If you suspect a personal account has been compromised, change the password for that account. Choose a strong password and make it unique to that account. Do not use the same password for multiple accounts; that puts all your accounts at risk if one is compromised.