You may have heard reports about a series of major data breach involving LinkedIn, Tumblr, MySpace, and Fling that occurred a few years ago. This activity (known as a mega breach) exposed an estimated 750 million account usernames and passwords. Mega breaches are defined as data breach incidents that cause the exposure of at least 10 million identities.
In recent weeks those exposed usernames and passwords that were part of the LinkedIn, Tumblr, MySpace, and Fling mega breach, are now being sold online for use by other hackers.
There were 199 @ucsc.edu addresses listed in the breach, so while our campus wasn't breached, ITS has reached out to the people on the list asking them to change their Blue and Gold passwords only if they used those same passwords for personal accounts, e.g., Facebook, Netflix, Amazon, etc.
Advice for the UCSC community from ITS security experts:
- Best practice is to have a strong password for each of your accounts and NEVER reuse them! Use Strong Passwords
- Passwords can be securely stored using a variety of free and low-cost encryption tools designed to manage passwords, including Mac OS keychain, LastPass, 1password, Password Wallet, and Password Safe.
- Use two-factor authentication wherever you can, including Google's two-step authentication.
- Manage/change your UCSC passwords at: http://its.ucsc.edu/accounts/passwords.html
If you need help changing your password, please contact the ITS Support Center.