|
Several thousand UMKC students must change passwords after hacker steals password file
Incident Date: January 11 2004 Incident Location: Kansas City MO USA Students and staff at the University of Missouri Kansas City (UMKC) were told to change their passwords on January 12, 2004 after an attacker managed to download an encrypted password database containing around 17,000 accounts. The attacker targeted a Windows computer -- probably a domain controller -- that authenticated users accessing the UMKC Microsoft Exchange mail service. Tom Brenneman, the UMKC interim director of information services said there was no evidence that any other files were tampered with. He also reported that UMKC was alerted to the breach by new security monitoring software running on the system. While the passwords were encrypted, both open source and commercial software is freely available to perform password cracking. An attacker could have cracked low to medium strength passwords and gained unauthorized access to accounts within the reported four days it apparently took UMKC personnel to shut down the system and require password changes. FBI investigators seized two university computers suspected of serving as entry points for the attacker. At the time of this report, no further update on the progress of the investigation was available. Story Sources Title: Hacker steals UMKC cyber secrets Author: Paul Wenske, Gregory S. Reeves Date: 1/14/2004 Publication: Kansas City Star Publication Location: Kansas City MO USA Publication URL: http://java.ittoolbox.com/news/dispnews.asp?i=107879&t=6 Title: FBI looking at UMKC hacking incident Author: Paul Wenske Date: 1/30/2004 Publication: Kansas City Star Publication Location: Kansas City MO USA Do you have additional information to contribute regarding this story? If so, please email siteupdates@passwordresearch.com with the details and source.
<-- Back to Authentication Story Index |