CHE security breach

Started by bacardiandlime, May 13, 2020, 12:15:54 PM

bacardiandlime

I just got an email (and I'm assuming other CHE users did too) that they were hacked and the hackers have our passwords. That was nice.

mamselle

Quote from: bacardiandlime on May 13, 2020, 12:15:54 PM
I just got an email (and I'm assuming other CHE users did too) that they were hacked and the hackers have our passwords. That was nice.

Ahhh...that might explain what I just posted elsewhere.

I've been able to log in to search for things, then suddenly couldn't.

Interesting.

(But I didn't get an email notification...)

M.
Forsake the foolish, and live; and go in the way of understanding.

Reprove not a scorner, lest they hate thee: rebuke the wise, and they will love thee.

Give instruction to the wise, and they will be yet wiser: teach the just, and they will increase in learning.

Parasaurolophus

I haven't gotten an email notification either.

But I have a different username and password here, so there's that, at least.
I know it's a genus.

eigen

Didn't get anything here.
Quote from: Caracal
Actually reading posts before responding to them seems to be a problem for a number of people on here...

hmaria1609


Parasaurolophus

Were you a paid subscriber? Maybe only they got the email...

Or maybe it's a phishing attempt!

mahagonny

I didn't say half of the things I said.

bacardiandlime

Quote from: Parasaurolophus on May 13, 2020, 06:41:57 PM
Were you a paid subscriber? Maybe only they got the email...

Nope.  I do still have the same email from when the fora made us get log-ins. Was that 2007?

sinenomine

No email here, either, and I'm a subscriber.
"How fleeting are all human passions compared with the massive continuity of ducks...."

mamselle

Maybe the message itself was a hack.

Did it require that you click on anything?

M.

mamselle

Interesting. I just got the same email.

They must be working through the monikers list and sending emails as they go.

It sounds as if they're not certain that the hacking resulted in an actual deciphering of names and passwords, but suggested a change in one or both if they were used on other forums/chat sites (I already don't use the same password, anyway, here).

Here's what I received:

May 13, 2020
Dear Account Holder:

The Chronicle of Higher Education, Inc. takes data security very seriously and we understand the importance of protecting the information we maintain.

We are writing to inform you about an incident that may have involved some of your information. This notice explains the incident, measures we have taken, and some steps you can take in response.

WHAT HAPPENED: On May 10, 2020, The Chronicle concluded our investigation and analysis of a data security incident that involved unauthorized access to one of our servers. The Chronicle learned about the incident after receiving an internal alert about suspicious activity on the server. Upon learning of this, The Chronicle took the server offline, a leading cyber security firm was engaged to assist with the investigation, and law enforcement was notified. Through our investigation, The Chronicle determined that unauthorized parties exploited a vulnerability in the server, through which they were able to obtain administrative account credentials for the server. The unauthorized parties then logged in to the server on February 17, 2020 and accessed a database on the server that contained credentials for online accounts to chronicle.com, philanthropy.com, and chroniclevitae.com.

WHAT INFORMATION WAS INVOLVED: Our investigation determined that the server accessed by the unauthorized parties contained a database with your username(s) and "hashed" and "salted" password(s) for your online account(s) to chronicle.com, philanthropy.com, and/or chroniclevitae.com. The password(s) for your account(s) were not in plain text, but had been altered through a cryptographic "hashing" and "salting" process, which rendered the actual password(s) indecipherable to third parties. Although access to the hashed and salted passwords would not allow access to your account(s), we are notifying you out of an abundance of caution because our investigation was unable to rule out the possibility that unauthorized parties could bypass the cryptographic "hashing" and "salting" process.

WHAT YOU CAN DO: The next time you login to your online account(s), you will be prompted to change your password(s). Also, if you use the same username(s) and password(s) for any other online account, we recommend that you change your password there as well.

WHAT WE ARE DOING: To date, we have no evidence that there has been any unauthorized access to your online account(s), however, out of an abundance of caution, we wanted to let you know this happened and assure you we take it very seriously. In addition to resetting the password(s) to your online accounts using stronger "hashing" and "salting" technology, we have taken steps to help prevent a similar incident from occurring in the future, including the replacement of the server with the unauthorized access, as well as additional procedures to further expand and strengthen security processes.

FOR MORE INFORMATION: We regret any inconvenience or concern this may cause you. If you have any questions, please contact 1-833-579-1097, Monday – Friday, 9:00 a.m. to 9:00 p.m., Eastern Daylight Time.

Sincerely,
Ken Sands

General Manager, Online
The Chronicle of Higher Education
1255 23rd St. N.W., Suite 700
Washington, DC 20037
Chronicle.com 

polly_mer

Quote from: mamselle on May 14, 2020, 05:54:54 AM
They must be working through the monikers list and sending emails as they go.

Unlikely.  This would be an automated process that would likely send in batches, but there's not a human who is looking one by one and clicking send.
Quote from: hmaria1609 on June 27, 2019, 07:07:43 PM
Do whatever you want--I'm just the background dancer in your show!

mamselle

True, and I sort of realized that, I was just trying to imagine why there would be a delay of several days in the time the send-out was received, between B&L and myself.

Time will tell!

M.
