Are you searching for stolen US University email credentials? Search on the Dark Web

Pierluigi Paganini March 30, 2017

According to a new research published by the nonprofit DCA, millions of stolen US University email credentials are available for sale on the Dark Web.

According to a new research published by the nonprofit Digital Citizens Alliance (DCA) that searched the Dark Web for credentials from the top 300 US universities, millions of stolen email credentials are available for sale.

Stolen email credentials from the largest US universities are a precious commodity in the dark web, crooks are offering them for a price ranging from $3.50 to $10 apiece.

The researchers, supported by a research firm ID Agent, found 13,930,176 credentials from those big schools, mostly from the University of Michigan (122,556), Penn State (119,350), University of Minnesota (117,604), Michigan State (115,973), and Ohio State (114,032).

DCA university credentials dark web

The MIT is the institute with the highest ratio of stolen and spoofed email addresses to number of enrolled and staff, 2.81:1, followed by Carnegie Mellon University, 2.4:1, and the Cornell University, 2.39:1.

“I’ve been scraping the Dark Web since 2009. There were 2.2 million .edu [emails] there back in 2015, 2.8 million in 2016, and now almost 14 million a year later. That’s a significant spike,” explained Brian Dunn, managing partner at ID Agent.

According to the researchers, the huge amount of stolen records was obtained through third-party website breaches, and during 2016 the number of data breaches was very high.

“There have been significant third-party breaches in 2016,” said Dunn. ID Agent observed a 547% increase in all types of stolen credentials offered for sale in the Dark Web over the past three years.

According to the DCA, the report only analyzed credentials belonging to the major US universities, this means that there is the possibility that in the dark net sellers are offering credentials for other smaller universities.

“[The] .edu [domain] is a generally valuable email domain just like .gov and .mil,” Dunn concluded.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Digital Citizens Alliance, DDoS)



you might also like

leave a comment