Home
Home Students Faculty and Staff IT Security Community
Protect Your Computer
and Data
Report an IT Security
Incident
Services
Sensitive Data Guide
Digital Copyright
Compliance
Training
IT Security Events
F.A.Q.
About IIA
Help
left navigation bottom border

Home arrow Compromised Accounts

Compromised Accounts

A compromised account is defined as one that is accessed by an individual not authorized by U-M or the user to use the account. Compromised accounts put valuable computing resources and sensitive institutional and personal data at risk.

Information and Technology Services (ITS) is committed to ensure a secure computing environment. Even for users who have limited or no access to institutional data, and do not store anything of value on e-mail and personal files, a uniqname and password can be used to unlock University of Michigan computing resources and negatively affect others users and make institutional resources vulnerable. Criminals and hackers target U-M, like other institutions, trying to steal passwords in order gain network access, processing power, and/or storage to facilitate crimes. Stolen passwords also give the unauthorized user the ability to get into Wolverine Access, where your grades, financial or other personal information can be viewed.

In response to computer security incidents and perceived threats, there are times where accounts may be temporarily disabled to protect U-M computing resources. The following information helps explain what happens when accounts suspected of being compromised are disabled, what to do if you believe your account has been compromised, and preventative measures you can take to minimize your exposure to risk.

How are accounts compromised?

Phishing:

Beware of emails urging you to verify, validate, or upgrade your account, by sending your password in a reply, or by clicking a link in the email and entering your password into a data collection form on a non-UM web site. Recent examples of real-life phishing attempts can be seen at safecomputing.umich.edu.

U-M or any other reputable institution will NEVER ask students, faculty or staff to confirm their identity, or provide confidential or personal information by e-mail.

Exposure of same password used on a different site:

Do not reuse your U-M password on other sites, especially those where you may use your umich.edu email address as a login id! If logins to those accounts happen through insecure connections, your password may have been intercepted.
Password Sharing:

You may have shared your password with a friend of relative, and they might not have been as careful with it as you are.
Malware:

You may have used an untrusted computer or computer that was infected by a Trojan, running a keyboard logger, or was subject to other malicious system compromises.
Weak password:

Unless you have a long, complicated, password, it may be vulnerable to guessing or brute-force techniques.

How are compromised accounts identified?

System
monitoring:

Automated system monitoring alerts systems administrators about suspicious or unauthorized activity.
"Abuse" complaints:

Complaints or alerts received from third party notifications external to the University about spam or network based attacks.
Log analysis:

Investigation of other incidents sometimes reveals other compromised accounts.

How does U-M deal with compromised accounts?

When ITS suspects a staff account is compromised, access to affected individual computing services (such as e-mail) may be temporarily restricted. Whenever practical, an IIA staff member will attempt to contact users by phone to ask them to change their password. When unable to reach the person within a couple hours (remember, the bad guys have access to the account during this time), their password will be expired to prevent use by anyone; affected users will have to contact ITS Access Services at (734) 764-HELP to have it reset.

ITS will work a staff member's unit computer security staff to help assess and manage possible risk to the unit's information technology resources, and collect forensic information to determine the scope of the incident and its cause.

If you are asked to change your password, follow these instructions:

Change your UMICH password at the UMICH accounts page. Click on the URL below or copy and paste this address into your browser:

http://www.umich.edu/password

Select a new password by following the important guidelines provided in the on-screen instructions. Your password will be evaluated for how secure it is by an online password strength checker.

Last modified: January 17 2013.