Third party security incident affects UB community logins

A piece of paper with a field for a username and password, on a hook, against a blue background.

Published May 29, 2018

The login information for a large number of UB students, faculty, staff and alumni was recently compromised when they were entered into a non-UB website. The university as reset passwords for these accounts out of an abundance of caution, and the affected individuals have been notified, as UB's Information Security Office and UBIT continue to monitor and mitigate the situation.

What happened?

An initial investigation by UB's Information Security Office concluded that the individuals' login information was stolen when they entered their UBITName credentials at a third party, non-UB website; no UB accounts were directly compromised.

At this time, UB does not have evidence that individuals' financial, academic or private information was viewed or stolen. Nonetheless, the university is taking a series of measures to keep its students, faculty, staff and alumni safe.

What is UB doing?

UB has contacted impacted individuals to make them aware of the risk, and inform them how to protect themselves against possible misuse of their information. UBIT also reset the passwords for the affected accounts, prompting the individuals to set a new password using the UBITName Manager, or by contacting the UBIT Help Center directly.

The University at Buffalo takes protecting the personal information of its students, staff, faculty and alumni very seriously. UB's Information Security Office consistently monitors threats and communicates dangers to the community through IT Security Alerts. They also engage in regular community outreach about cyber security at UB events throughout the year. They are currently seeking more opportunities to educate the University community on best practices for keeping their information safe and secure.

How can I stay safe?

Never use your UBITName and password as login information on external websites or services, even if they are related to or required for your work or studies at UB. Likewise, you should never use the same password for two different sites or services.

UB's Information Security Office recommends using passphrases, rather than simple passwords. Also, you should always use two-factor authentication when available.

The UBIT website has additional information for keeping you and your devices safe. This includes securing your UBITName password, recognizing email scams and reporting security concerns to UB.

If you think your UBITName login information has been compromised, contact the UBIT Help Center.