Cybercriminals may already have your password!

Who hasn’t been tempted to use the same password for multiple accounts? So much easier to remember! But be warned – using the same password also increases the risk of a cybercriminal gaining unauthorised access to all of your accounts through credential stuffing.

Credential stuffing is a type of attack where cybercriminals take a large number of stolen usernames and passwords – normally from a corporate breach – and attempt to “stuff” those credentials into the login pages of other services. This can include CSU services.

Because it is common for people to use the same username and password across multiple sites, cyber attackers often find the leaked credentials from one account will unlock multiple accounts.

In January this year 773 million accounts were affected by a data breach, with the usernames and passwords being posted to a hacking forum, making them available for cyber attackers to use.

CSU is not immune to this type of attack. And in fact DIT has already identified incidents where leaked staff email addresses and passwords are used to try and log into CSU systems.

To protect yourself and the university against credential stuffing, ensure your CSU password is significantly different from the passwords you use for other sites – e.g. online shopping, social media and other web-based accounts.

It is also highly recommended to use a strong password and to enable multi-factor authentication.

If you suspect your credentials have been compromised you should change your CSU password immediately.

Contact the IT Service Desk if you have any IT security questions or concerns.