Security researchers have found that 2.2 million credentials associated with the top 100 UK universities available on the dark web have been compromised, putting staff, students and their data at risk.
Crossword Cybersecurity’s Trillion risk monitoring service discovered the credentials. More than half (54%) claimed to belong to the Russell Group elite organization.
For more information on threats to universities, read 85% of top UK universities at risk of email fraud.
According to the latest statistics, there will be around 2.2 million students in UK tertiary institutions in 2021/22, including 680,000 international students and a further 234,000 staff.
So while the scale of the find is potentially significant, there is no information on how many of the affected people are still attending college.
Crossword Cybersecurity highlighted the potential risk to sensitive research if threat actors were able to access user accounts with compromised credentials. More than half (54%) of the compromised credentials came from UK universities with research facilities, according to the report, making government-funded programs in areas such as nuclear and defense potentially dangerous. It is said that it is exposed.
“UK universities and research institutions are among the most respected in the world, and protecting their reputation requires the information shared by the public and private sectors for students, staff and research projects through effective cybersecurity practices. ,” argued Crossword. Cybersecurity Managing Director Stuart Jab.
“We recognize that these environments are among the most difficult to secure due to overlapping confidentiality and openness requirements. We believe that cybersecurity practices in all organizations, not just the education sector, should include proactive security measures.” Oversight and requirements for multi-factor authentication. ”
Theoretically, attackers may not only be looking for university credentials for unpublished research. They may want to steal personally identifiable and sensitive information (PII) from staff and students, or attempt phishing and identity fraud.
The report found that the country’s top 30 universities were up to 50% more likely to have a credential breach than other top 100 universities, with London universities having more login breaches than universities in Scotland, Wales and Northern Ireland. (506,330 cases) were found to be large. Total (465,767).
