2477 TU mail addresses currently at "Have I been pwned" - We recommend to change the TU password if you are contacted by us.
The ITMC of TU Dortmund University has subscribed to the service"Have I been pwned", which is operated by the Australian security researcher Troy Hunt. This service automatically informs us when TU email addresses appear in connection with data leaks or password leaks.
Today, 1.3 billion new passwords have been added to the collection, which were extracted from various darknet forums and Telegram chats by the IT security company Synthient. There are currently 2477 passwords affected that are assigned to a TU email address. This does not mean that the passwords belong to a TU account. It is possible that the data originates from other web services where the TU email address was used to log in. However, it is also possible that the data was stolen using an InfoStealer or by phishing. They may also include old passwords that are no longer used. As many users use the same password for different services (credential stuffing), there is a certain risk and we therefore ask those affected to change their TU password.
Please always use different passwords for different services! If necessary, use password manager software. The ITMC recommends the use of Keepass or KeepassXC. If you save passwords in the browser, always use a master password. This is the only way to prevent passwords from being stolen by malware (InfoStealer).
We will automatically write to those affected with the subject "Ihre Daten sind im Internet aufgetaucht / your data have been appeared on the Internet". You can recognize the legitimacy of this automated mail by the secure S/MIME signature.
If you would like to change your password, you can do so in the TU Dortmund University service portal.
Background:
https://www.heise.de/news/Have-I-Been-Pwned-Milliarden-neuer-Passwoerter-in-Sammlung-11067453.html