TO TOP

IT-Sicherheitsvorfall/IT-Notfall | A-Z | Kontakt/Beratung

Open user profiles, password lists and so-called breaches

The RUB abuse team regularly receives reports from security teams and authorities about potentially hacked accounts on online services or illegally collected data from members of the Ruhr University. To prevent issues such as identity theft or deception in email exchanges, we notify affected users.

A report concerning your RUB email address does not mean that the RUB mail server has been hacked. Rather, it means that an online service  to which you have registered with your RUB email address has been affected. You are only at risk if you use the same password for the online service as you do for your RUB email.

Information about such incidents is reported to the Information Security Unit and the RUB postmaster from various sources, analysed and usually forwarded to those affected by email.

General information about incidents is also published in our current reports and in the notification archive.

The reported data originates from different incidents and usually varies in scope, reliability and timeliness. Examples include

  • Breaches
    Breaches of online services where user data may have been stolen. Online services often disclose information about which data has been stolen. Some breaches are only noticed when data manipulation or illegal publication occurs. Depending on the type of service, different personal data may be affected. Reputable service providers inform those affected – unfortunately, this is not always the case.
  • Passwort dumps
    Password lists are often compiled after break-ins or phishing attacks and offered for sale or download. Security teams often only provide us with password snippets, which we use to inform the account holders.
  • Pastes and profiles
    In ‘hacker circles’ as well as among questionable IT service providers, both public and stolen data is collected, compiled into profiles and offered for sale. Profile collections have been stolen on multiple occasions from such service providers or their customers during break-ins. According to our observations, the so-called pastes, which are often compiled by hackers to build their reputation, frequently contain false information.
  • Spam lists
    Lists of email addresses that are not publicly known often appear online. These frequently originate from breaches of online services and are usually supplemented with personal data for spam purposes.

The information provided may already be outdated or simply incorrect. Unfortunately, only the users concerned can assess the quality and validity of the access data. So if you receive notifications from us about incorrect or outdated access data, you can now safely ignore them.

Stolen passwords can lead to identity theft and other fraudulent activities in the victim's name. Passwords are also tried on other online platforms and reused if necessary.

With the help of published confidential personal data and additional information, specially tailored spam emails are sometimes created. We have also observed attempts at blackmail using such data.

In all cases, the damage to the individual affected can be immense.

  1. Do you recognise any of the leaked password snippets?
    Change the password for the online service where you use that password. Check whether your data has already been used or manipulated on this online service. In such cases, you should also contact the operator of the online service to request clarification and, if necessary, file a criminal complaint.
  2. Have we informed you about a breach of an online platform?
    Even if no password snippets have been transmitted to us, passwords or password hashes may have fallen into unauthorised hands. Please follow the recommendations in point 1.
  3. You have received our notification that your email address is on spam lists, pastes or in profile collections.
    Expect spam emails or blackmail emails tailored to you personally. Activate the spam filter on your mailbox and familiarise yourself with how to recognise fake emails. Password changes are not usually necessary. In such cases, criminal charges serve more to assess the situation than to solve the crime.
Incident prevention

Anyone who uses online services must expect them to be compromised. Even reputable service providers have fallen victim to hacking. In general, it is advisable to be sparing with your (correct and important) data:

  • Address and date of birth details, names and, above all, account details should only be entered with selected service providers.
  • Use special ‘disposable’ email addresses for less reputable online services, newsletters, etc.
  • Accounts that are no longer used should be deleted by the service providers.

Passwords should be handled with care so that once they have been stolen, they cannot be misused elsewhere:

  • Important passwords such as those for your RUB login ID or online banking should never be used for other online platforms.
  • If you like to differentiate between passwords at the end of words (e.g. by incrementing them or appending the platform name), our password snippets will not be of much use to you. In case of doubt, you will then have to change the password for all your services.

You cannot protect yourself against a breach of an online service or the unauthorised creation of user profiles. However, observing basic security rules can prevent or at least limit further damage:

  • Use secure passwords. You can find tips on this on our Secure Passwords website.
  • As a user of a RUB mailbox, activate automatic spam filtering.
  • Keep your devices up to date – install available updates for your operating system and applications (especially browsers and email programmes).