The Office of Cybersecurity has recently received a confirmed report of compromised credentials associated with several social media and professional networking sites where an email address was used as the Login ID. This compromise resulted in the publication of password information for these accounts. These account dumps, from Myspace; Tumblr; and LinkedIn, include email addresses that contain the “wisc.edu” domain.
The concern is that UW staff who have used their “wisc.edu” account for these sites may have used their UW Madison NetID passwords to create these third-party credentials. This results in compromised credentials for that account, as well as possible vulnerability for any University service where they used that same UW NetID and password, potentially exposing personal and University data.
The Office of Cybersecurity will be notifying the affected individuals directly in the next several days. Individuals who receive notification will need to change their UW NetID password immediately.
The Office of Cybersecurity is taking appropriate steps to monitor and mitigate any related future events. If you have any questions or concerns, please contact the Office of Cybersecurity at firstname.lastname@example.org