Ball State 69th most common stolen email domain on dark web

<p>Ball State has more than 36,000 stolen or fake emails listed and is the 69th most common email domain&nbsp;on the dark web,&nbsp;according to the Digital Citizens Alliance’s 2017 study. There are over&nbsp;13 million higher education emails floating around&nbsp;the dark web, with Indiana University ranked 12th and Purdue University ranked 11th. <em>Grace Ramey // DN&nbsp;</em><i style="background-color: initial;">Photo Illustration</i></p>

Ball State has more than 36,000 stolen or fake emails listed and is the 69th most common email domain on the dark web, according to the Digital Citizens Alliance’s 2017 study. There are over 13 million higher education emails floating around the dark web, with Indiana University ranked 12th and Purdue University ranked 11th. Grace Ramey // DN Photo Illustration

Ball State has more than 36,000 stolen or fake emails listed on the dark web, according to a new study.

It’s the 69th most common email domain on the dark web,  according to the Digital Citizens Alliance’s 2017 study, out of 300 schools on the list. And when taking Ball State's size into account, it's 22nd. In total, more than 13 million higher education emails are floating around the dark web. Indiana University ranked 12th and Purdue University came in 11th.

“The dangers vary with this,” said Matthew Solomon, sales director at  ID Agent, which partnered with Digital Citizens Alliance for the study. “For a faculty member doing confidential research, it potentially could be a back door into their research. With students … their password could get exposed … and [hackers] could do fraudulent activity there.”

Through this, hackers can get financial information from the bursar, bring malware onto the university’s server and even access student’s personal data, Solomon said.

For faculty, the dangers could be even greater. Criminals can take their information to file fraudulent income tax returns, which causes all sorts of problems for them.

This occurred at Ball State, and many other universities, in 2015. At least 140 Ball State employees were victims of identity theft and income tax fraud.

RELATED: Ball State tax fraud, identity thefts part of larger trend, Indiana Attorney General representative says

This isn’t just an issue with universities, but universities have a unique challenge to keep email addresses secure because of the high amounts of people using the domain, Solomon said. .edu emails are also especially popular because buyers can use them to get discounts normally reserved for students and faculty for software or Amazon Prime memberships, according to the study.

But it isn’t the university’s fault the emails get breeched. If students and faculty use .edu emails on a third party site, that can contribute to their information getting stolen.

Universities have more data than commercial businesses or government entities, but don’t have as much resources to protect its property and users, according to the study.

“Protecting the missions of teaching, learning and community service takes precedence over protecting online credentials,” the study says.

Because of this, students should be careful to avoid  phishing scams and to change their password frequently. Ball State warns students to avoid clicking links from unknown senders, even if it comes from a Ball State account.

In 2016, a former U.S. State Department employee was sentenced to nearly five years in prison for hacking into college women's emails and threatening to expose their sexually explicit photos. He did it by sending phishing emails to women, including some at Ball State. 

RELATED: Former U.S. State Department employee sentenced for hacking college email accounts

“Any email asking for confidential information such as your Ball State password, bank account information, or your Social Security number should be deleted,” the Officer of Information Security Services cautioned students online. “Never respond to emails asking for confidential information.”

Ball State tells students to delete any emails asking them to validate their username and password because the emails are not legitimate.

RELATED: Ball State Information Security Operations teaches students importance of cyber security

When it comes to passwords, if someone uses the same or a similar password on their .edu account as they do on Amazon or other websites, then a hacker can easily get into both accounts. Almost 90 percent of people between the ages of 18-30 reuse passwords, according to the study.

One researcher told the Digital Citizens Alliance “the college password is not just a key, it is the keychain.”

This is why students should change their password often and not use the same one for multiple websites, Solomon said.

It’s a lot to ask of students to do, he said, but it does make a difference.

To see if your email has been breeched, enter it at  haveibeenpwned.com.

Comments

More from The Daily






Loading Recent Classifieds...