Skip to main content

Cyberattack forces 38,000 students to physically stand in line for new passwords

Around 38,000 students at a university in Germany have been told to physically line up for a new email password after the university’s servers were targeted by hackers.

Justus Liebig University (JLU) in Giessen, near Frankfurt, was hit by a malware attack earlier this month, prompting its IT staff to shut down all of its computer systems, ZDNet reported. The incident is currently being investigated by Germany’s Research Centre for Cyber Security, though information about the specific nature of the malware attack has yet to be disclosed.

Fearing that the malware may have reached its email server, the IT team decided to reset the passwords for all of the email accounts handled by the university.

But the only way the students can obtain their new password is by lining up at the university gym to collect it from staff. The passwords are reportedly being handed out on pieces of paper.

It appears that the somewhat low-tech method for resetting passwords is down to a German law that prevents educational establishments from giving out such information electronically.

https://twitter.com/svblxyz/status/1206948966442708992

To ensure that the delivery of the new passwords is performed in an orderly manner, the university has created a collection schedule stipulating a date and time based on an individual’s month of birth. It’s expected to take five days to complete the process of handing out the passwords to the thousands of people affected.

The malware attack is proving to be a real headache for staff at the university tasked with getting its computer systems up and running again. They’re currently using some 1,200 USB sticks loaded with anti-virus scanners to check each and every one of the university’s computers for the malware. The most recent reports said the IT team had to re-scan the machines last weekend after the anti-virus software received an update to make it more effective. Once a computer is deemed to be clean, it can be reconnected to the university’s network.

We trust that none of the passwords being handed out by the university are on the list of worst passwords for 2019. Announced this week by cybersecurity firm SplashData, they include “12345”, “123456”, “1234567” and, would you believe, “12345678”.

Oh, and if you’re using any of these, perhaps it’s time you switched to a password manager instead.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
This huge password manager exploit may never get fixed
A large monitor displaying a security hacking breach warning.

It’s been a bad few months for password managers -- albeit mostly just for LastPass. But after the revelations that LastPass had suffered a major breach, attention is now turning to open-source manager KeePass.

Accusations have been flying that a new vulnerability allows hackers to surreptitiously steal a user’s entire password database in unencrypted plaintext. That’s an incredibly serious claim, but KeePass’s developers are disputing it.

Read more
Passwords are hard and people are lazy, new report shows
A person using 1Password on a MacBook.

Despite ongoing efforts by security researchers and internet titans to push us to use stronger passwords and two-factor authentication to secure online accounts, people are lazy and continue to make serious mistakes that jeopardize their privacy and security, a new report shows.

A new survey that delves into password selection shows an alarmingly high number of people reuse passwords across multiple accounts. If you are doing this, you should be aware that it only takes one security breach to put all of your accounts at risk. Hackers know that this is a common practice and will try the same stolen passwords at every popular online service in hopes of gaining easy access.

Read more
This new Windows 11 feature will help you protect your passwords
A man sits, using a laptop running the Windows 11 operating system.

The new Windows 11 22H2 update was just released, bringing an interesting security feature. Dubbed "Enhanced Phishing Protection," this feature was made to help users protect their Windows passwords a little bit better.

Enhanced Phishing Protection will warn users whenever they enter their Windows password in places where it's not needed. Here's how it works.

Read more