The IT Security Officer informs about current Password Leaks
Help, my HU email address is one of 2.2 billion in the current password leak!
Many news these days refer to password leaks: currently, 2.2 billion have been reported (2019-01-25, cnet.com or https://heise.de/-4287538). Such leaks contain personal data that has been unlawfully captured by hackers. Especially, account data for registration in online services were captured, whereby each account consists of one email address and one password. Security researchers have processed the 2.2 billion account data, allowing each user to check his or her own email address, e.g., using the Hasso Plattner Institute's Identity Leak Checker (ILC) or Have I Been Pwned (HIBP).
What should I do if my HU email address is affected?
First, you should keep calm. At HIBP, a discovery only means that your HU email address is part of a leak. ILC is more responsive (see online examples) and mentions whether a suitable password is known. Although the situation is not clear, you should change your HU password as a precaution if your HU email address was found in a leak.
If you have also used your HU password to register with external online services (such as LinkedIn, Adobe, Apple, Skype etc.), you should also change it! In this case, your HU password could be included in a leak together with one of your other email addresses. Each password should only be used for one single service and especially your HU password should only be used in conjunction with your HU account.
Unfortunately, it is not necessarily known for which online service the found email address was used. Accordingly, those passwords should be changed for all online services where the email address found was used for registration.
Contact
cms-benutzerberatung@hu-berlin.de