The nonprofit Digital Citizens Alliance released the report “Cyber Criminals, College Credentials, and the Dark Web”, which shows that .edu email addresses are very prone to cyber theft.
The researchers worked with two companies that specialize in the Dark Web, and during the 8 years that the study tool place, they discovered:
- A total of 13,930,176 email addresses and passwords belonging to faculty, staff, students, and alumni at U.S. higher education institutions available to cyber criminals on Dark Web sites.
- The University of Michigan had the most credentials offered on the Dark Web with a total of 122,556.
- The Massachusetts Institute of Technology had the highest ratio of total stolen e-mail accounts to total current users.
- The largest number of e-mails available came from schools in California, followed by New York, Michigan, Texas, and Pennsylvania.
- Vendors claiming to be affiliated with terrorist organizations offering stolen credentials on Dark Web sites.
- Higher education institutions credentials are offered for free on many open Dark Web sites to anyone.
- Private marketplaces or members only sites offering credentials (along with Social Security Numbers, bank account information, credit card data, and personal identity information) for sale.
Adam Benson, Digital Citizens Alliance’s Deputy Executive Director, said that the nonprofit wanted to show the risk that institutions are facing.
“Higher Education Institutions have deployed resources and talent to make university communities safer, but highly-skilled and opportunistic cyber criminals make it a challenge to protect large groups of highly-desirable digital targets,” Benson remarked.