Compromised Accounts

A compromised U-M account is one accessed by a person not authorized to use the account. Criminals and hackers target U-M users to gain:

  • Access to the U-M network, processing power, and/or storage they can use to commit crimes.
  • Access to U-M academic resources, like the library and journal subscriptions.
  • Information about you to steal your identity, commit fraud, and use your reputation to target your contacts for phishing and fraud.

When accounts are compromised, valuable computing resources and sensitive institutional and personal data is put at risk. Even accounts with limited or no access to institutional data and nothing private or of value in email or personal files are valuable to hackers.

How Accounts are Compromised

  • Phishing. Emails that ask you to verify, validate, or upgrade your account by logging in to a webpage or providing your password are most likely phishing scams. Learn more and protect yourself with the information on Spam, Phishing, and Suspicious Email. U-M will NEVER send email asking you to confirm your identity or provide confidential, personal information.
  • Password Stolen on Another Site. Reusing your U-M password on other sites, especially those where your umich.edu email is your username, puts U-M resources at risk. If your account on those sites is compromised, your U-M account can be easily accessed.
  • Password Sharing. If you shared your password with a friend, significant other, or family member, they might not have been as careful with it as you are.
  • Malware. Use of an untrusted computer or a computer infected with a computer virus, running a keyboard logger, or subject to other malicious system compromises. See Viruses for software you can use to keep your computer safe.
  • Unsecured network. If you log in to a U-M website like Wolverine Access while on an unprotected wi-fi network, your account information could be stolen. Remember to always Use a Secure Internet Connection.
  • Weak password. A short, simple password can be vulnerable to guessing or brute-force techniques. See the Password Security Checklist for other ways to keep your password safe.

How IIA Identifes Compromised Accounts

  • Reports from compromised users. Some compromised account reports lead IIA to discover other affected account-holders. Because of this, please report any suspected account compromise, even if you’ve already changed your password.
  • System monitoring. Automated system monitoring alerts systems administrators to suspicious or unauthorized activity.
  • “Abuse” complaints. Complaints or alerts received from third parties about spam or network-based attacks coming from U-M accounts.
  • Log analysis. Investigation of security incidents sometimes reveals evidence of compromised accounts.

If IIA identifies your UMICH account as compromised

  1. Your UMICH password will be randomized.
  2. Your password reset security questions and answers will be cleared. You will not be able to use the security questions and answers stored in UMICH Account Management to reset your password. You will need to set new ones after you get a new password.
  3. Contact the ITS Service Center by phone at (734) 764-HELP (4357) to have your password reset.
  4. If you are a U-M employee, you may be contacted via email or phone by an IIA staff member. IIA will work with your unit as necessary to determine if other information was accessed.

No matter what:

  • DO NOT change your password back to what it was when it was compromised.
  • DO NOT change it to a password you use for other sites.
  • DO NOT reuse your UMICH password for other sites and services.

See Also

What to Do If Your Account Is Compromised