The FBI’s cyber division has published a Private Industry Notification warning colleges and universities in the US that higher education credentials are up for sale on the dark web.
FBI data suggests that from January 2022, Russian cyber-criminal forums advertised access to credentials from universities and colleges across the US, for prices as high as thousands of dollars.
The document also reveals that in May 2021, over 36,000 email and password combinations (it’s unknown how many were duplicates) for emails ending in .edu were found on a publicly available instant messaging forum.
“If attackers are successful in compromising a victim account, they may attempt to drain the account of stored value, leverage or re-sell credit card numbers and other personally identifiable information, submit fraudulent transactions, exploit for other criminal activity against the account holder or use for subsequent attacks against affiliated organisations,” read the document.