FYI -----Original Message----- From: Scott Finlon via RT [mailto:[email protected]] Sent: Monday, July 24, 2017 8:16 AM To: Dexter Caldwell <[email protected]> Subject: [soc.ren-isac.net #72845] RE: [REN-ISAC] ** Notification ** Compromised Credentials
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Dexter, The full credentials are below: [email protected]:Kewpiedoll1 Please let us know if you have any further questions or concerns. Thank you, Scott Finlon Principal Security Engineer REN-ISAC On 2017-07-24T11:02:45Z, [email protected] wrote: > Hello, > Can you please provide full details or additional details? > We'd like to reach the user and determine whether or not these account > or the organization were potentially exposed. > > Thanks, > > Dexter Caldwell > Dir. Systems & Networks > Information Technology Services > Furman University > 3300 Poinsett Hwy > Greenville, SC 29613 > email: [email protected] > office: 864-294-3566 > facsimile: 864-294.3001 > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > Sent: Friday, July 21, 2017 9:52 AM > To: Dexter Caldwell <[email protected]> > Cc: [email protected] > Subject: [REN-ISAC] ** Notification ** Compromised Credentials > > Greetings, > > It has been brought to the attention of the REN-ISAC that some > credentials from your institution have appeared in a credential dump. > Most of these credential dumps are discovered on publicly accessible > sources. These credentials may be the actual sets used to access your > institution's information resources or it may be a user utilizing > their email at a 3rd party site. Even if the credentials are not used > on your institutions information resources, it may be worth > investigating as these credentials are sometimes captured via password > stealers. It is also common for users reuse their passwords or > variations of the same password at different sites. > > We have no way of determining when the credentials themselves were > stolen/acquired. We only know that they have been disclosed within the > last few days. This means we are unable to determine if the accounts > listed are current, active, or years old. If the accounts are old, > please respond and tell us. If you are reporting an account as old, > please also state your re-use policy if you do re-use accounts, as we > have no way of determining if the account will be put back into > circulation. This will help us 'age' future credential sets and > prevent re-notification on very old accounts/credentials. > > By default we do not provide full details in the initial notification. > If you would like the full details of the reported credentials, please > reply to this notification and let us know. > > Additional Information: > > [Credentials] > [email protected] > > [Credential Header] > Pastebin title: Free Facebook Accounts 100+ Pastebin author: > Dottrappin > > email:password > > [Comment] > > > [Source] > pastebin http://pastebin.com/x3rttJVe > > > Should you feel you've received this report in error, please let us > know. > > In order for the REN-ISAC to learn how we can best aid the education > community with network security matters we'd greatly appreciate > hearing back from you regarding action on this incident and how, if at > all, this information proved useful. > > On behalf of the REN-ISAC team, > -- > [email protected] > 24x7 Watch Desk +1(317)274-7228 > http://www.ren-isac.net On behalf of the REN-ISAC team, - -- [email protected] 24x7 Watch Desk +1(317)274-7228 http://www.ren-isac.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAll15QwACgkQmE7uDk39N77IhgCeMTKEtLuio7HOChZodjHzEGNC YPwAnj9bdlmd3xrHq/3cByh+ek3POgJW =KadM -----END PGP SIGNATURE----- ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
