Monday, March 14, 2022
An email hack involving nearly 500,000 email addresses in a Brown University database took place over the weekend.
This marks the latest incident at the Ivy League institution, which came under cyberattack in the spring of 2021.
On Saturday night, John Spadaro, the Interim Chief Digital and Information Officer in Brown’s Office of Information Technology, sent the following email to the community.
“We are writing to individuals who may have received messages today, March 12, 2022, from a Brown ‘special events’ email address with images and comments reflecting political sentiments related to Russia’s invasion of Ukraine. We regret any concern that these messages may have caused,” he wrote.
GoLocal was able to obtain a screengrab of the email that was sent on Saturday from “[email protected]” with the subject line “A new day.”
The body of the email states “You deets has been obtain by viper crewz” — followed by a URL (which has been redacted here).
According to members of the Brown community, the CSV file that the perpetrators linked to included nearly 500,000 emails.
Sources say the original email contained two memes; one was a picture of dog waste disposal labeled “Poo-Tin” reportedly containing an image of Vladimir Putin; the other was a political cartoon of Putin sitting on a tank holding the cannon — but the cannon was flaccid.
In his email to the Brown community on Saturday, Spadaro continued with the following.
“These messages were the unfortunate result of unauthorized access to a bulk email service used by the University that enabled the names and email addresses of recipients to be extracted from the service. The University has changed the password for the compromised account and was able to prevent distribution of the unauthorized message to most email addresses in the account. The University already was in the process of retiring use of the bulk email service and does not expect further use of the service.
In addition, a thorough investigation has confirmed that there was no software, virus or payload linked to the unauthorized messages that would have any effect on the machines, software, stored content or technology of those who received or opened the unauthorized messages. Also, no confidential information other than the names associated with the recipient email addresses was accessed, and no other Brown assets have been accessed.
We encourage you simply to delete the original message(s) and any others you might receive with similar or questionable content. It’s relevant to note that the unauthorized sender of today’s emails created a link that would allow others to access the list of email addresses used to send today’s unauthorized emails. You may receive other spam messages from accounts pretending to be Brown senders, or from other email addresses.
Filters for junk mail and spam that commonly prevent distribution of messages such as these on most email platforms should help minimize the impact to individuals. We have taken all immediate steps possible and continue to be in touch with the external email service provider to seek to prevent further unauthorized emails or spam to the extent we can control.
We regret any inconvenience and frustration caused by this situation.”
Brown University spokesperson Brian Clark said that the university is continuing to investigate the incident.
“It is unknown how many of the email addresses accessed are active,” Clark told GoLocal. “The spam messages using the improperly accessed email lists were sent to a subset of recipients that was much smaller, by orders of magnitude. And then Brown was able to block a majority of those.”
“Unfortunately, in incidents such as these, no one can predict whether further attempts will be made to send spam emails. However, the nature of the emails likely could be identified as spam by any recipient, and would be filtered out by junk mail filters, marked as spam or deleted,” said Clark. “OIT continues to reach out to the vendor to investigate how the account was compromised, and to consider what additional steps may be taken.”
In March 2021, GoLocal reported that Brown came under cyberattack in an incident the university at the time called its “utmost priority.”
On Tuesday afternoon, Thirsk, Brown’s Chief Digital Officer and Chief Information Officer, made the community aware of the threat — and as of Wednesday, the university was still addressing the incident.
“I’m writing to share that [this morning] Brown’s IT security team became aware of a cybersecurity threat to the University’s Microsoft Windows-based technology infrastructure. Staff in Computing & Information Services took immediate steps to mitigate the threat, launched an investigation and began to develop a full response plan,” said Thirsk Tuesday afternoon.
“Given the nature of the threat, CIS has taken a number of aggressive steps to protect the University’s digital resources, including shutting down connections to our central data center and systems within it,” he added. “While many of our cloud-based systems — including Canvas, Zoom and Workday — remain up and running, other systems are temporarily disabled. Among the most commonly accessed resources that are temporarily unavailable are Banner, VPN, RemoteApps and some websites hosted on Brown.edu. We are working with colleagues across the University and are committed to getting systems back online as quickly as possible.”