Home Compromised Accounts
A compromised account is defined as one that is accessed by an individual not authorized by U-M or the user to use the account. Compromised accounts put valuable computing resources and sensitive institutional and personal data at risk.
Information and Technology Services (ITS) is committed to ensure a secure computing environment. Even for users who have limited or no access to institutional data, and do not store anything of value on e-mail and personal files, a uniqname and password can be used to unlock University of Michigan computing resources and negatively affect others users and make institutional resources vulnerable. Criminals and hackers target U-M, like other institutions, trying to steal passwords in order gain network access, processing power, and/or storage to facilitate crimes. Stolen passwords also give the unauthorized user the ability to get into Wolverine Access, where your grades, financial or other personal information can be viewed.
In response to computer security incidents and perceived threats, there are times where accounts may be temporarily disabled to protect U-M computing resources. The following information helps explain what happens when accounts suspected of being compromised are disabled, what to do if you believe your account has been compromised, and preventative measures you can take to minimize your exposure to risk.
How are accounts compromised?
How are compromised accounts identified?
How does U-M deal with compromised accounts?
When ITS suspects a staff account is compromised, access to affected individual computing services (such as e-mail) may be temporarily restricted. Whenever practical, an IIA staff member will attempt to contact users by phone to ask them to change their password. When unable to reach the person within a couple hours (remember, the bad guys have access to the account during this time), their password will be expired to prevent use by anyone; affected users will have to contact ITS Access Services at (734) 764-HELP to have it reset.
ITS will work a staff member's unit computer security staff to help assess and manage possible risk to the unit's information technology resources, and collect forensic information to determine the scope of the incident and its cause.
If you are asked to change your password, follow these instructions:
Change your UMICH password at the UMICH accounts page. Click on the URL below or copy and paste this address into your browser:
Select a new password by following the important guidelines provided in the on-screen instructions. Your password will be evaluated for how secure it is by an online password strength checker.
Last modified: January 17 2013.