Friday, September 12, 2014

Hackers post millions of stolen Gmail passwords on Russian site - Are Harding's passwords safe?

No doubt many of us have seen a headline over the last few days about stolen Gmail passwords appearing on a Russian website. If you haven't, you can read some news about it here: Hackers post millions of stolen Gmail passwords on Russian site.

As you know, Harding uses Google as our email service. So are our passwords safe?

There is an article in this week's issue of Computerworld that talks about the issue in general: What you need to know about the Gmail Password Compromise.

More specifically in regard to Harding passwords, John Nunnally advises the following:

"The Russians are releasing the data they have a little bit at a time to keep the story 'hot', if for no other reason. Four days ago they released these five million or so Gmail accounts and their passwords. ... Google is aware of no security breach that allowed this information to be accessed. They believe these five million accounts were compromised by phishing schemes and malware that does keyboard logging, etc. In other words, these Gmail owners effectively gave away their account information.

Harding.edu accounts are not gmail.com accounts even though Google hosts our harding.edu accounts. So I seriously doubt this list of five million Gmail accounts includes any harding.edu accounts. But that does not mean these Russians do not have some harding.edu accounts in the billion or so account credentials they collected. I spend a lot of time dealing with Harding accounts that have been compromised, so certainly a number of our Harding users give their credentials away just like these Gmail account owners did.

Our conclusion at the time of the original August report was that most of the data was so old that it was of little consequence to most of us. Harding requires regular password changes which all but guarantees that any "old" passwords have been aged out already. But of course if anyone is ever concerned, they are encouraged to go to password.harding.edu and change their password. They certainly do not have to wait until they receive expiration notices.

As a matter of record -- Anyone with accounts anywhere with passwords over a year old should change them immediately. Once a year is certainly not too often these days. Hackers do not want you to know that they have your password. So usually the only way you find out you have been hacked is when you realize your account has been abused. The primary defense we have is to change our passwords regularly in hopes that, if we are hacked, we will have changed our password before the bad guys get around to using it."