University usernames, passwords used on third-party sites exposed, no University data breach

Saturday, July 4, 2020 - 12:39pm

University makes statement on leaked passwords and emails

University makes statement on leaked passwords and emails Buy this photo
Kelsey Pease/photo

A list of University of Michigan usernames and passwords making rounds in the University community Friday is a compilation of older, previously published lists from third-party data breaches, such as Chegg, Zynga, LinkedIn and others, according to an Information and Technology Services advisory

No U-M systems or accounts were breached, but a large number of U-M email addresses were included in the list. ITS will reset a small number of passwords included on the list and will contact owners of those accounts to let them know what happened, the advisory said. 

The advisory reminded faculty, staff and students to never use their University password outside the University system and to turn on two-factor authentication for personal accounts whenever possible. 

A similar list, also coming from third-party websites, struck the University of California at Berkeley community Friday. 

In the wake of the list’s spread, Engineering senior Zach Wernet defended the University’s oft-maligned mandatory Duo two-factor authentication, posting a captioned photo of Thanos in the UMich Memes for Wolverteens Facebook group. 

“UMich students to Duo right now: Perhaps I treated you too harshly,” Wernet wrote. 

Summer News Editor Calder Lewis can be reached at calderll@umich.edu.