Educause Security Discussion mailing list archives
Re: Account Lockout Communications Policy
From: "Jim A. Bole" <jbole () STEVENSON EDU>
Date: Thu, 26 Sep 2019 15:58:23 +0000
Students must register an external email account as part of our self-service password reset process. Thankfully, our IMAP policy blocked any access to their on-prem Exchange mailbox, so the only thing the malicious actors could do was get a successful login. So I sent out notifications to the students' registered external email after we had reset their accounts (disable, kill active sessions, reset password, re-enable):

Dear Stevenson University Student,

The Office of Information Technology (OIT) has determined that a malicious actor successfully logged onto your account sometime between Sept. 12-16. They were not able to access any of your information after they logged in. There are indications that the malicious actor may have used information from a 2018 data breach from Chegg. In some cases, when you attempt to access your Stevenson account you may see a message stating your access has been blocked due to suspicious activity; if so, we ask that you reset your password as soon as possible.

Here are the steps to reset your password:

1. Go to https://myaccount.stevenson.edu
2. Click Reset Password.
3. Enter your Stevenson single sign-on username in the prompt and click Next.
4. Choose your external email address in the drop-down list.
5. A verification code will be sent to the e-mail address you used for Self Service registration.
6. You have 30 minutes to input the verification code on the next page.
7. Reset your password using the stated requirements.

Jim Bole
Director of Information Security
Stevenson University
1525 Greenspring Valley Road
Stevenson, MD, 21153-0641
jbole () stevenson edu | O: 443-334-2696

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Chrisinger, Cory A
Sent: Thursday, September 26, 2019 11:33 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Account Lockout Communications Policy

Hello,

I'm looking for how different organizations handle account compromise notifications to individuals. Due to the Chegg breach we reset 319 accounts towards the end of the day. We do not necessarily have out-of-band communication methods for affected parties. I'm hesitant to send a notification to an affected email due to tipping off the attackers. The attackers seem to be able to execute additional payload very quickly when they assume the account will be deactivated. We do notify our customer services areas, but overnight a student may not have access until business hours resume.

Thoughts, strategies, ideas are appreciated.

Thank You,

Cory Chrisinger
CISO, CISSP ID#581915
Phone: (608) 243-4575
Email: cchrisinger () madisoncollege edu

Want to discuss a technology project? Please contact me, or complete the Technology Services Project Request form <https://madisoncollege365.sharepoint.com/sites/pwaprod/Lists/PMO%20Intake%20Form/NewForm.aspx?Source=/sites/pwaprod/Pages/Thank%20you%20for%20your%20request.aspx>, and we'll talk!

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
**********
Current thread:
- Account Lockout Communications Policy Chrisinger, Cory A (Sep 26)
- Re: Account Lockout Communications Policy Menne, Michael S (Sep 26)
- Re: Account Lockout Communications Policy Jim A. Bole (Sep 26)
- Re: Account Lockout Communications Policy Barton, Robert W. (Sep 26)