Compromised Accounts

A compromised U-M account is one accessed by a person not authorized to use the account. Criminals and hackers target U-M users to gain:

  • Access to the U-M network, processing power, and/or storage they can use to commit crimes.
  • Access to U-M academic resources, like the library and journal subscriptions.
  • Information about you that can be used to steal your identity, commit fraud, and target your email contacts for phishing and fraud.

When accounts are compromised, valuable computing resources and sensitive institutional and personal data are put at risk. Even accounts with limited or no access to institutional data and nothing the user considers private in email or personal files are valuable to hackers. Your U-M account provides access to your student or Human Resources record, your email, and perhaps your grades, direct deposit details, and other personal information.

How Accounts are Compromised

  • Phishing. Emails that ask you to verify, validate, or upgrade your account by logging in to a webpage or providing your password are most likely phishing scams. Learn more and protect yourself with the information on Spam, Phishing, and Suspicious Email. U-M will NEVER send email asking you to confirm your identity or provide confidential, personal information.
  • Password Stolen on Another Site. Reusing your U-M password on other sites, especially those where your umich.edu email is your username, puts U-M resources at risk. If your account on those sites is compromised, your U-M account can be easily accessed.
  • Password Sharing. If you shared your password with a friend, significant other, or family member, they might not have been as careful with it as you are.
  • Malware. Use of an untrusted computer or a computer infected with a computer virus, running a keyboard logger, or subject to other malicious system compromises. See Viruses for software you can use to keep your computer safe.
  • Unsecured network. If you log in to a U-M website like Wolverine Access while on an unprotected wi-fi network, your account information could be stolen. Remember to always Use a Secure Internet Connection.
  • Weak password. A short, simple password can be vulnerable to guessing or brute-force techniques. See the Password Security Checklist for other ways to keep your password safe.

How IA Identifies Compromised Accounts

  • Reports from compromised users. Some compromised account reports lead Information Assurance (IA) to discover other affected account-holders. Because of this, please report any suspected account compromise, even if you’ve already changed your password.
  • System monitoring. Automated system monitoring alerts systems administrators to suspicious or unauthorized activity.
  • “Abuse” complaints. Complaints or alerts received from third parties about spam or network-based attacks coming from U-M accounts.
  • Log analysis. Investigation of security incidents sometimes reveals evidence of compromised accounts.

If IA identifies your UMICH account as compromised

  1. Your UMICH (Level-1) password will be randomized.
  2. Your UMICH account recovery information will be cleared. You will need to reset you account recovery information in UMICH Account Management to reset your forgotten password in the future.
  3. Contact the ITS Service Center by phone at 734-764-4357 (4-HELP) to have your password reset. Members of the Michigan Medicine community can contact the HITS Service Desk at 734-936-8000. Those at UM-Dearborn can call the Dearborn ITS Service Desk at 313-593-4357 (HELP).
  4. If you are a U-M employee, you may be contacted via email or phone by an IIA staff member. IIA will work with your unit as necessary to determine if other information was accessed.

No matter what:

  • DO NOT change your password back to what it was when it was compromised.
  • DO NOT change it to a password you use for other sites.
  • DO NOT reuse your UMICH password for other sites and services.

See Also

What to Do If Your Account Is Compromised