6,000 myUK accounts were found for sale on the dark web, UK IT officials say

Memorial Hall building mug

Rick Childress

Information from almost 6,000 myUK accounts were found for sale on the dark web, university IT officials said Tuesday. 

The 5,950 myUK accounts—accounts used by faculty, staff and students for email, class scheduling and other academic functions—were found for sale and then disabled by UK IT workers to prevent further access by those who illegally obtained them, said Michael Sheron, the IT Services Director of Data Privacy & Policy.

The account information was not stolen through UK, Sheron said.

A third-party website, which thousands of UK students, faculty and staff had used their UK emails and passwords to register on, was compromised, exposing the UK accounts.

It’s unclear what the third party site was. Students who had their accounts compromised were directed to a UK ITS website which stated that the accounts “may have been affected by the recent Chegg.com Data Breach.”

Chegg.com, is a book rental site commonly used by students to acquire textbooks. Silicon Republic reported that Thinkful, an education technology company, which was recently acquired by Chegg, recently disclosed a large data breach.

The Kernel has sent a comment request to Chegg, and is awaiting a reply.

Students, faculty and staff who had their accounts turned off because of the cyber threat were encouraged to log back into their myUK account and check to see if their financial and course enrollment information were correct, an email sent to the entire College of Communications stated.

UK’s Cybersecurity, Data Privacy, and Policy team constantly monitors and works against the thousands of cyber threats that the university faces daily, Sheron said. The cyber security team identified the accounts for sale online, and decided to shut them down.