New Research from Authlogics Reveals 187,648 Email Addresses Were Known to be Password Breached in May 2022
Authlogics, a company that provides enterprise password security and multi-factor authentication technologies have found 187,648 email addresses connected to the domains of the world’s top ten universities have been password breached.
In May 2022, Authlogics researched the top ten universities, as recognised by The Times Higher Education World University Rankings 2022, to discover the extent to which password-protected email accounts had been compromised. The university with the lowest number of password breached email addresses available on the dark web was Oxford University (47), compared to the only other UK institution, Cambridge University (18630). The university with the highest number of known breaches was the University of California, Berkley (50943).
CEO of Authlogics, Steven Hope states: “Knowing if password-protected email accounts have been compromised is the first step in putting safeguards in place that reduce the risk of data breaches caused by weak, stolen, or reused passwords.” Hope adds: “These highly prestigious institutions not only have reputations to uphold on the world stage, but they also have resources, research, and intellectual property of huge value. Passwords are known to be the single biggest cause of data breaches.”
The Password Breach Status of the World’s Top Ten Universities
University Number of Password Email Breaches
| Oxford University | 47 |
| Harvard University | 2659 |
| California Insitute of Technology | 3101 |
| Princeton University | 11606 |
| The University of Chicago | 15190 |
| Cambridge University | 18630 |
| Massachuetts Institute of Technology | 22657 |
| Yale University | 25605 |
| Stanford University | 37210 |
| University of California, Berkley | 50943 |
The research was conducted using theAuthlogics Password Breach Database – the world’s largest Breach Database. Holding over four billion breached credentials and more than 1.3 billion compromised clear text passwords, it is the most definitive resource available regarding the password breach status of any live or dormant account. Authlogics provides its Password Breach Database as a free service, to any organisation wanting a comprehensive Password Breach Status report that it can use to guide password security management.
With most universities currently on summer break, now is the opportune time to act before staff and students return to study. Hope explains that it is possible for any organisation to move fast and remediate the situation, regardless of the scale of the problem: “Ultimately, a passwordless approach would be the safest and most efficient way forward. However, in the interim, passwords can be kept relatively secure and cost-effective through a combination of following NIST guidelines and implementing password security management.”
The Authlogics Password Security Management solution is designed to assess existing password related weaknesses, report on the current threats and risks, automatically remediate the problem and provide ongoing real-time protection and alerting from new password breaches.
Hope also urges academic institutions top consider multi-factor authentication (MFA). “As true passwordless is not a viable for many organisations today, MFA provides the most secure practice for safe authentication. Threat actors will continue to exploit unmanaged and unprotected accounts for their benefit, which is why it is so crucial to put barriers in place to stop them from accessing networks and confidential information.”
The ID Bulletin 