Monthly Archives: January 2019

NEWS: “Collection #1” Data Breach

News

On January 17th, 2019, the media began reporting on a large collection of breached data, known as “Collection #1”.  This collection contains millions of email addresses and passwords and was posted publicly on the Internet.

The data was discovered by a security researcher named Troy Hunt.  He posted a description of the data on his blog at The 773 Million Record “Collection #1” Data Breach.  It is important to note that the breached data is not recent and that the information is limited to email addresses and passwords (i.e., no credit card information, health records or social security numbers).

We do not believe this data contains any legitimate login or password information for accessing Vassar business systems.  However, your Vassar email address may appear in the data collection when you used this email address to sign up for a third-party service.

What should I do?

  1. Use strong passwords – use more characters in your password to make them harder to guess
  2. Use different passwords – make sure you use different passwords for different sites.  Never use your Vassar password for any service outside of Vassar College. That way, if a third-party site is breached, that password can’t be used to access Vassar data.  A password manager can help you with good password habits. Vassar offers LastPass Premium for free to all active community members. Find out more at https://servicedesk.vassar.edu/catalog_items/751530-password-management/service_requests/new
  3. Check your email addresses for breaches –  the website https://haveibeenpwned.com/ will tell you if your information is included in the “Collection #1” breach or any others.  Vassar requires password changes once every year.  This means the risk of your new password being known is low.  However, you should change older passwords on other websites if your email address does appear in the breach information.
  4. Check your password –  you can also see if your current or new passwords have appeared in any data breaches at https://haveibeenpwned.com/Passwords 
  5. Enable Multi-Factor Authentication – Vassar offers Duo to protect many services, including Google Apps, Moodle, Workday, and Banner.  Learn more at https://servicedesk.vassar.edu/solutions/571021-vassarone-setting-up-multi-factor-authentication-with-duo  For your personal accounts, enable it wherever it is offered, especially for banking websites.

If you have questions or concerns about this incident or any other Information Security topic, please send an email to infosecurity@vassar.edu.  Always report suspicious emails to catchoftheday@vassar.edu.

Suspicious emails impersonating Dean Chenette

Fraud

We have received multiple reports of email messages claiming to be from Jon Chenette,  Dean of the Faculty.  These messages come from a gmail.com address, not from a vassar.edu address.  The message asks the recipient to reply quickly for an unspecified favor.

If you receive one of these messages, please ignore and delete it.  If you engage the sender, it will lead to a fraudulent financial transaction.  This email is from a criminal who is trying to steal money.  The individual would try to convince the recipients to purchase an Amazon gift card and send back the redemption code.

Thank you for your attention and thank you as always for reporting suspicious emails!  The diligence from our community members keeps all of us at Vassar College more safe and secure.