Campus Technology Services has learned that thousands of Oswego email addresses and passwords have been made public recently, as part of several massive information dumps. It is important to note that passwords for SUNY Oswego services were NOT disclosed, but users may still need to take action.
If you used your SUNY Oswego email address to sign up for either MyHeritage (a genealogy service), Dubsmash (video sharing) or MyFitnessPal (a fitness tracking service), then you should reset your passwords for those services immediately, CTS said. If you reused the password for these services anywhere else, including your SUNY Oswego account, you should reset the passwords for those other services as well.
Information breaches such as these are being announced with alarming frequency, and protecting your online accounts may seem like an impossible task, but there are steps you can take to reduce your risk, CTS advised. The most important thing you can do is use a unique password for every online account. A password manager application such as 1Password, Dashlane or LastPass can assist you in generating and storing all your unique passwords. Setting up two-factor authentication will also reduce the chance that a hacker can take over your accounts, even if your password is disclosed. Additionally, you should monitor your email addresses to see if they are included in any breaches. The Have I Been Pwned? website dedicated to this purpose.
The CTS Cybersecurity website has more information about how to protect your online accounts, and the CTS Help Desk is available if you have any additional questions or concerns. The Help Desk can be reached at 315-312-3456 or help@oswego.edu.