The University of Queensland is working to assist students and staff who could be caught up in an online data breach which has affected 593 million people worldwide.
The threat includes vendors selling people’s security information in slabs of data that appear to have been compiled from several attacks on popular online social media and collaboration sites.
UQ Chief Information Officer Mr Rob Moffatt said the breach did not compromise UQ systems, but had primarily affected people who had replicated a specific combination of their UQ email and password for external services.
“I stress that UQ’s systems have not been breached or hacked,” Mr Moffatt said.
“However, we have identified 4000 students and 2500 staff at risk, and have acted immediately to help them shore up their online security.”
He said the issue was identified through UQ’s online security safeguards.
“Security checks have shown only an extremely small percentage of the identified cohort are still using the jeopardised credentials for their UQ accounts.
“In fact it appears only two of the 2500 at-risk staff members were still using the compromised credentials for their UQ accounts, and this has now been resolved.
Students and staff at risk of using jeopardised credentials for accounts external to UQ have been contacted and advised to change their passwords immediately.
Mr Moffatt said UQ had recently implemented several measures to improve password strength as well as promotions to encourage students and staff to regularly change their passwords.
The data breach appears to have been a composite international effort and not targeted specifically at either UQ or Australia.
UQ and other organisations in the Asia-Pacific region were alerted to the threat via AusCERT, a self-funded cyber emergency response team which was formed from UQ-based specialists in 1993.
