An email account at RMIT University in Melbourne has resulted in a user account in the Credit Management area being compromised and sending messages to former students.
According to a statement from RMIT "no information or data has been compromised" and steps have been taken to filter similar messages so that users aren’t duped into giving up their log in credentials. The compromised account has been suspended
Although the impact of this breach was minor and quickly contained the compromised user account was active for a couple of days. When we contacted RMIT for information they were looking into the situation, having been alerted by external parties.
This is a common situation. According to the Mandiant 2014 Threat Report two-thirds of hacking victims were informed by external entities. It's unknown how long the email account was compromised of if any confidential messages were accessed.
RMIT staff and students use Google Apps for email .
This article is brought to you by Enex TestLab, content directors for CSO Australia.