A MyUBIdentity Theft
Quick Facts
- Date: 12/5/2007
- Institution: University of Buffalo
- Type of Incident: Penetration
- Number Affected: 1
- Source: ESI
- Abstract Source: The Spectrum Online
Abstract
University of Buffalo sophomore Derek Mascarenhas is struggling to deal with the apparent theft of his UBLearns account. Mascarenhas first noticed a problem with his UBLearns account when, after logging into the online system in October, he noticed that he had been resigned from all of his classes. According to Mascarenhas, his account had been accessed from the library between 12:19 p.m. and 12:21 p.m. on Oct 5, a time during with Mascarenhas was in classes, and resigned from all of his classes in a matter of minutes. After contacting the University about this issue, Mascarenhas was told he would have to get signatures from his professors before being allowed back into the classes. However, Mascarenhas was reinstated in his classes prior to obtaining these signatures a bit later. Even though Mascarenhas changed his password immediately after discovering the problem, he was once again resigned from his classes on Oct 17 from another public access computer. Again, Mascarenhas was was in class when this issue occurred. After contacting the university about this problem again, the university began auditing all of Mascarenhas publically available information including Google searches, Mascarenhas' Facebook account as well as the Facebook accounts of Mascarenhas' girlfriend and his former roommate. After against being told he would need to obtain signatures from his professors, Mascarenhas was reinstated in all of his classes within a week. Mascarenhas attempted to contact the university officials investigating the incidents to find out how this could have happened. However, according to Mascarenhas, he was told that the investigation was done "for the school and not for the individual". In an e-mail, UB vice president of Student Affairs Dennis Black has this to say, "he breach could have resulted from many causes. Some of the possibilities are: a roommate watching a login, leaving a logged-in machine unattended, an angry girlfriend/boyfriend with whom he has shared his password, a compromised machine with a password logger or use of the campus wireless network without using the campus VPN (Virtual Private Network)."
