Security researchers have discovered 2.2 million breached credentials linked to the UK’s 100 top universities available on the dark web, putting staff, students and their data at risk.
Crossword Cybersecurity’s Trillion risk monitoring service found the credentials, over half (54%) of which it claimed belong to elite Russel Group institutions.
According to the latest figures, there were nearly 2.2 million students studying at UK higher education institutions in 2021/22, including 680,000 international students, plus an additional 234,000 staff.
That makes the size of the discovery potentially significant, although there’s no information on how many of the affected individuals are still at university.
Crossword Cybersecurity highlighted the potential risk to sensitive research, if threat actors are able to access user accounts with compromised credentials. It said that over half (54%) of breached credentials came from UK universities with research facilities, with government-funded programs in areas like nuclear energy and defense potentially at risk.
“UK universities and research facilities are among the most respected in the world, and protecting that reputation includes protecting the students, staff and information that is shared with them for research projects by the public and private sector, through effective cybersecurity practices,” argued Crossword Cybersecurity managing director, Stuart Jubb.
“We recognize that these environments are amongst the most uniquely challenging to protect with overlapping requirements for secrecy and openness, so many attack paths need to be factored in. We believe that cybersecurity practices for all organizations, not just the education sector should include the proactive monitoring for stolen credentials, and a requirement for multi-factor authentication.”
Theoretically, threat actors may not just be looking for university credentials with an eye on unpublished research. They may be hoping to steal sensitive personally identifiable information (PII) from staff and students and/or to attempt phishing or identity fraud.
The report found that the top 30 universities in the country are up to 50% more likely to have breached credentials than other institutions in the top 100, and that London’s universities have more breached logins (506,330) than those in Scotland, Wales and Northern Ireland combined (465,767).