Recently, account information for over 500 million users from accounts at LinkedIn, MySpace, and Tumblr were discovered on the “dark web” and Pastebin bulletin board. These are areas where attackers openly exchange credentials or brag about their exploits. The posted accounts included over 5,000 Lehigh usernames (@lehigh.edu) along with LinkedIn, Tumblr, or MySpace passwords.
LTS information security staff monitor numerous information security sites, including repositories where attackers post stolen credentials. LTS staff check these sites for signs that Lehigh accounts may have been hacked.
The compromised accounts were NOT Lehigh account credentials, but likely instances where Lehigh community members use their Lehigh email to log into social media accounts (LinkedIn, Tumblr, MySpace). Lehigh account information was not breached, but the social media accounts likely were.
If you have received a notice from LinkedIn or Tumblr to change your password for your account, please do so immediately by going directly to those sites and logging in to change your password.
Additional actions you may wish to take include:
We STRONGLY recommend that you never reuse any passwords and only use your Lehigh logon credentials to access Lehigh resources.
LTS will continue to monitor all Lehigh accounts for suspicious activity and will notify you if a breach is suspected.
If you have any questions, contact the LTS Chief Information Security Officer, Keith Hartranft at firstname.lastname@example.org or 610-758-3994.