Information on how accounts are compromised and what to do if you think your account
has been compromised.
A compromised EU account is one accessed by a person not authorized to use the account.
Criminals and hackers target EU users to gain:
Access to the EU network, processing power, and/or storage they can use to commit
Access to EU academic resources like the library and journal subscriptions.
Information about you to steal your identity, commit fraud, and use your reputation
to target your contacts for phishing and fraud.
When accounts are compromised, valuable computing resources and sensitive institutional
and personal data are put at risk. Even accounts with limited or no access to institutional
data and nothing private or of value in email or personal files are valuable to hackers.
How Accounts are Compromised
Phishing. Emails that ask you to verify, validate, or upgrade your account by logging in
to a webpage or providing your password are most likely phishing scams. EU will NEVER
send email asking you to confirm your identity or provide confidential, personal information.
Password Stolen on Another Site. Reusing your EU password on other sites, especially those where your EU email is
your username, puts EU resources at risk. If your account on those sites is compromised,
your EU account can be easily accessed.
Password Sharing. If you shared your password with a friend, significant other, or family member,
they might not have been as careful with it as you are.
Malware. Use of an untrusted computer or a computer infected with a computer virus, running
a keyboard logger, or subject to other malicious system compromises. Viruses are
malicious programs. The term computer virus typically refers to programs that replicate
and spread, although some use it to refer to any malware—adware, spyware, ransomware,
and so on—that can damage your computer or compromise your account. To protect your
devices from viruses: Install and run antivirus and anti-malware software.
Unsecured network. If you log in to an EU website while on an unprotected Wi-Fi network, your account
information could be stolen. Use secure networks, such as your cellular carrier network,
EU-Net Wireless, or wired connections.
Weak password. A short, simple password can be vulnerable to guessing or brute-force techniques.
Check to see if you have an account that has been compromised in a data breach
Have I been pwned is a website that allows internet users to check if their personal
data has been compromised by data breaches. The site was created by security expert
Troy Hunt and has been widely touted as a valuable resource for internet users wishing
to protect their own security and privacy. If your address shows up on this list it
doesn't necessarily mean that your account has been compromised but you should change
your password. This is just one tool and therefore if your account doesn't show up
on this site it doesn't mean that it hasn't been compromised. The site may be accessed
What to Do if Your Account is Compromised
Change your EU password
If you suspectyour EU accounthas been compromised or stolen:
Change your EU password. SeePassword Management for links to reset your EU password. Do NOT set it back to something you have used
If you suspect apersonal accounthas been compromised, change the password for that account. Choose a strong password
and make it unique to that account. Do not use the same password for multiple accounts;
that puts all your accounts at risk if one is compromised.