Educause Security Discussion mailing list archives

Re: Spike in O365 risky "unfamiliar" sign-ins?

From: Brandon Hume <brandon.hume () DAL CA>
Date: Sat, 21 Sep 2019 02:32:01 +0000

On 2019-09-20 4:32 p.m., Frank Barton wrote:

We've had 10/10 compromised accounts today having been on the chegg 
list. and a couple more that are targeted, but haven't gotten in.



Just at end-of-day, we had *hundreds* of accounts all being tested 
within a half-hour, and all we examined closely appeared in the Chegg 
breach.  The attacker(s) made themselves notable by bouncing through Tor.


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Current thread:

Spike in O365 risky "unfamiliar" sign-ins? Jim A. Bole (Sep 13)
- Re: Spike in O365 risky "unfamiliar" sign-ins? Huang, Maria (Sep 13)
- Re: Spike in O365 risky "unfamiliar" sign-ins? Hart, Michael (Sep 13)
  - Re: Spike in O365 risky "unfamiliar" sign-ins? Jim A. Bole (Sep 13)
    - Re: Spike in O365 risky "unfamiliar" sign-ins? Turnbull, Colin (Sep 13)
    - Re: Spike in O365 risky "unfamiliar" sign-ins? Sonder, Henk E. (Sep 13)
    - Re: Spike in O365 risky "unfamiliar" sign-ins? Frank Barton (Sep 20)
    - Re: Spike in O365 risky "unfamiliar" sign-ins? Brandon Hume (Sep 20)
- Re: Spike in O365 risky "unfamiliar" sign-ins? Josh Grier (Sep 13)
- <Possible follow-ups>
- Re: Spike in O365 risky "unfamiliar" sign-ins? Theodore J. August (Sep 14)
  - Re: Spike in O365 risky "unfamiliar" sign-ins? Jim A. Bole (Sep 16)