“We have parsed several log records that lead us to believe that your UMBC account credentials may have been compromised. As a precaution, your UMBC account password was scrambled today.
Please go to http://accounts.umbc.edu/ and click on I Forgot my Password. Walk through the steps using your security questions to set your password to something secure that only you know.
Here is UMBC's TSC FAQ page on how to reset your account password: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867942. If you have any issues with reset process, please contact the TSC at 410-455-3838.”
I stared at my computer shocked. Checking my personal email is a habitual task I do in the morning, after checking all of my social media profiles of course. Seeing a “your online order has been shipped” email first thing in the morning is always something I look forward to, but this wasn’t it. At first this email went completely over my head. Credentials...compromised?
I asked the DoIT employee who emailed me, what kind of logs they saw that could possibly mean my “credentials may have been compromised.” I was informed that I had not had a password change in my 3 years of being at UMBC. To be honest, I really didn’t think I needed to change it, but my password only being four characters didn’t help. I was told that my UMBC username and password were stolen by a hacker in Nigeria, and then was used to send out scam emails. How did this all happen right under my nose? Why would anyone care so much as to hack me? I’m just a random college kid living in Catonsville, MD. There is nothing special about me or what I do.
I learned that being a student in general made me an easy target for hacking. My password was weak, and I hadn’t changed it in years. The DoIT staff member explained to me that students have less secure accounts than faculty and staff. Most of the faculty and staff had something called two-factor authentication which made their accounts more secure. Also, as I am a perfect example, many students don’t put forth a lot of effort in making their passwords strong and secure. Because of all of this, it is easy for hackers to figure out a password like mine, and use it to send out spam to other students. Having “UMBC” in my email address makes my account seem trustworthy to other people (especially students). A hacker sending spam out through my UMBC email address is dangerous, for other students will trust what is being sent to them, making them vulnerable to hacking as well.
I never realized how being hacked could make me feel so frightened. Never once before this, did I ever think to worry about cybersecurity. I would of course see some of my Facebook friends have hacked accounts, but it never seemed like that big of a deal to me. Knowing that someone so far away could steal one of my most important credentials...well that felt almost like someone broke into my house. Even though this occurred over the internet, and no one physically robbed me; the scare was all of the same. Another mistake I have made, was using that password for all of my other accounts. What if that hacker had logged into my banking website, or my ICloud? These possibilities were something I had never thought about. Not securing my password, and changing it often was just as bad as leaving my door unlocked at night in a neighborhood that was known for robberies.
I was very appreciative that the security team from DoIT scrambled my password so that I could reset it. As soon as they saw malicious activity coming from my account, they immediately took action to remove the hacker from my account. Knowing that there is an organization at my school that can catch these types of attacks and quickly handle it was relieving.
Now it’s time to get ready for class. Even though it wasn’t an “order has shipped” email I received, it was an email that ended up being very beneficial to me. I learned a lot about being safer online, and now I can share that knowledge with my friends who I know for a fact have “1234” as their password.