FBI PIN – Compromised U.S. Academic Credentials Identified Across Various Public and Dark Web Forums

The FBI has published a TLP:WHITE Private Industry Notification (PIN) warning that compromised U.S. academic credentials are being advertised for sale on online criminal marketplaces. Credential harvesting against an entity is often a consequence of spear-phishing, ransomware, or other cyber intrusion tactics. According to the FBI, “The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks” such as the deployment of ransomware. The PIN includes past examples of compromised academic credentials being sold on criminal forums over the past five years. Additionally, the PIN provides recommended mitigations for organizations to implement. The FBI encourages partners to report suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 CyberWatch (CyWatch) at (855)292-3937 or Cy*****@*bi.gov. Access the PIN at IC3.