If someone has your e-mail address and password, they can use it to get access to other sites you might be logged into — from social media sites to your bank.
The hacked e-mails to be used as spoofed e-mails to trick other people into giving up information.
"What is more trusted than an e-mail coming from a .edu address?" Dunn told the Free Press. "They can be used to launch malaware or Trojan horse attacks, because people might be more willing to click on an e-mail coming from an .edu e-mail address, thinking it's real."
There could also be national security concerns.
"University faculty are often recruited to do important government-funded research," the report said. "While it is illegal for university resources (including e-mail) to be used for classified research, a rogue nation-state could first target a professor’s college e-mail to pinpoint another account where those classified communiques might reside."
The hacked e-mail addresses could also be used for something as simple as getting discounts at online businesses targeted for students and faculty.
The problem is exploding, the report notes. About 10,984,000 credentials with login IDs that had the .edu suffix have been discovered within the past 12 months.
So what can society do? Universities can continue to spend money on IT departments, even in tough times, to make sure data is well protected.
And people themselves? They should practice "good password hygiene," said Adam Benson, deputy executive director at the Digital Citizens Alliance. That includes using password managers and making sure old passwords are cleaned up.
©2017 the Detroit Free Press Distributed by Tribune Content Agency, LLC.
