A growing number of academics have their IDs and passwords stolen after receiving a phishing email that led them to a fake website. The personal information of a total of 12,000 or so individuals has been leaked at Yokohama City University and five other universities so far. Sankei Shimbun also learned through interviews with the universities and others on July 1 that some of the email addresses used by a hacker when forwarding information were the same at least at four out of the six targeted universities.
It was also found that the English message of the fake email was identical at three universities, raising the possibility that the phishing was committed by the same culprit. A cyber security expert warns that the stolen personal information could be used for new cyberattacks.
The six universities are using the Office 365 system provided by U.S.’s Microsoft. The culprit could directly steal the passwords of only 50 or so individuals. But the hacker seems to have used the passwords to perform unauthorized logins and change the settings to automatically forward emails externally. As a result, a large volume of personal information included in the emails leaked outside.