Research shows Michigan schools rank high for .edu email addresses being sold on the dark web


Every day, there are hundreds of thousands of cyber security attacks happening across the globe putting your sensitive information at risk. And sometimes, you don’t even know it.

Cyber criminals, they’re known for hacking into your personal devices, and stealing information such as email addresses and passwords for someone else’s benefit.

According to a new report by the Digital Citizens Alliance, criminals are targeting some of the largest university and college communities, stealing email addresses with .edu and old email accounts and aggressively selling or trading them through the dark web.

According to cyber communications expert, Cale Sauter, this kind of “email-selling” is common for cyber criminals.

“The way that some of these are being used are just to get discounts for various things that offer discounts to .edu college accounts,” says Communications Director for Liquid Web, Cale Sauter.

Researchers looked through the dark web to find out which schools had the most email addresses and passwords up for grabs.

According to the report, out of 300 colleges and universities, the University of Michigan topped the list with 122,556. Michigan State University was right behind it, with 115,973.

“If they figure out the password for that, they may have a password that would lead to bank accounts, or someone’s credit,” says Sauter.

Sauter says, these .edu emails are commonly trusted among websites, which makes them worth more to cyber criminals.

“A lot of hackers are having their spam emails sent directly to a spam folder or more easily identified, sometimes they can get through that by using a .edu email address,” says Sauter.

In all, there were more than 400-thousand stolen email addresses from schools in Michigan. Although researchers say, the email addresses may not be from a massive data breach, rather, from sites where people have used their .edu email addresses and passwords, such as online shopping or on social media.

The goal, was to demonstrate the scale of the problem, and create more awareness of what kinds of things people are capable of doing with a .edu account.

Experts say, it’s a good idea to log into old email accounts, and change the password to something more secure, adding things such as capital letters, numbers, and symbols.

Copyright 2020 Nexstar Broadcasting, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.