IS&T's Security Operations Team is writing to inform you that your MIT email address has been published online in a purported third-party data leak.
* * WHAT HAS HAPPENED * *
Recently, an unknown party uploaded 14 million username and password combinations to an online forum. The unknown party states that these username and password combinations are working credentials for Apple's iCloud service.
Apple allows users to set non-iCloud email addresses as usernames. Because of this, some MIT community members have used their MIT email address as their iCloud username.
* * WHAT HAS IS&T DONE * *
IS&T's Security Operations Team has downloaded the complete list and discovered close to 100 MIT email addresses in the purported data leak. Out of an abundance of caution, we are notifying you that your MIT email address is on the list.
* * WHAT DO I NEED TO DO * *
If your MIT account password matches the password below, we recommend you change your MIT password immediately.
Your MIT password can be changed by visiting the following site: https://ca.mit.edu/ca/cpw
If you use the password listed above at any non-MIT sites (e.g. Facebook, Twitter, online bank, etc.) we recommend changing that password as well.
If you do not recognize the password listed above, no action is necessary.
Again, we are contacting you out of an abundance of caution in the event that the password listed above is currently in use by you. The data was not taken from any MIT systems.
If you have any questions, please reply to this email.
A copy of this email can be found in The Knowledge Base http://kb.mit.edu/confluence/x/logwCQ.
Massachusetts Institute of Technology
Information Systems & Technology (IS&T)
As a reminder: IS&T will NEVER, for any reason, request your username or password via email. If you question the validity of an email supposedly from IS&T, please double check with the IS&T Help Desk (http://ist.mit.edu/help) before responding.