Lehigh University logo
Library and Technology Services logo

LTS Information Security Update - Change passwords for LinkedIn, Tumblr, and MySpace

Dear Members of the Lehigh Community,

LTS information security staff monitor numerous information security sites, including repositories where attackers post stolen credentials. LTS staff check these sites for signs that Lehigh accounts may have been hacked.

Recently, account information for over 500 million users from accounts at LinkedIn, MySpace, and Tumblr were discovered on the "dark web" and Pastebin bulletin board. These are areas where attackers openly exchange credentials or brag about their exploits. The posted accounts included over 5,000 Lehigh usernames (@lehigh.edu) along with LinkedIn, Tumblr, or MySpace passwords.

The compromised accounts were NOT Lehigh account credentials, but likely instances where Lehigh community members use their Lehigh email to log into social media accounts (LinkedIn, Tumblr, MySpace). Lehigh account information was not breached, but the social media accounts likely were.

If you have received a notice from LinkedIn or Tumblr to change your password for your account, please do so immediately by going directly to those sites and logging in to change your password.

Additional actions you may wish to take include:

  • Monitoring all your accounts for suspicious activity
  • Changing your password for your Lehigh account
  • Changing your password for the identified compromised account
  • Changing your password for all your user accounts
  • Never using the compromised password (if known) in any account access you utilize in the future
  • Consider "how significantly different" your current passwords are from any of those breached and make changes
  • Investigate if your Lehigh "in" accounts or other personal accounts have been identified in other compromises. This can be done by going to https://haveibeenpwned.com and entering an email address or username and performing a search. While this site does not track all account breaches, many of the most recent and major ones can be quickly investigated.

We STRONGLY recommend that you never reuse any passwords and only use your Lehigh logon credentials to access Lehigh resources.

LTS will continue to monitor all Lehigh accounts for suspicious activity and will notify you if a breach is suspected.

If you have any questions, contact the LTS Chief Information Security Officer, Keith Hartranft at kkh288@lehigh.edu or 610-758-3994.