The Federal Bureau of Investigation (FBI) has issued a notification that student credentials from many renowned colleges and universities operating in the US were up for sale on the dark web and on some public domains.
According to the report, the data was dumped in January 2022 on a Russian criminal forum and was being sold for a single-digit figure in thousands of US dollars. While some email IDs ending with .edu were found on a public platform, about 36,000 email and password combinations were found being sold for $1200.
It is unclear how many of the published credentials are still functioning. However, the price was reportedly low, so interested buyers were ready to grab them without checking the credibility of the leaked information.
Usually, such credentials are exploited by cyber criminals in credential stuffing campaigns to compromise the computer networks of universities and other educational institutes.
The FBI argues that the criminals might have gained the information through ransomware attacks, spear-phishing campaigns, and other cyber intrusion tactics.
Interestingly, the law enforcement agency is asking the IT heads of such institutes to maintain a strong relationship with their local FBI Field Office and to improve their current cybersecurity posture by taking proactive measures.
It is also asking users to keep their computer systems updated with the latest software, create awareness among employees about the current threats lurking in the cyber landscape, and train students and staff with phishing exercises from time to time, along with making a habit of strong password hygiene.