Latest news with #passwordreset
News.com.au
2 days ago
- News.com.au
University of Western Australia staff, students ‘locked out' of accounts after passwords compromised by data breach
Hundreds of staff and students at a major Australian university have been locked out their accounts following a data breach that left their passwords and personal information compromised. The University of Western Australia (UWA) confirmed details of the cyber-security incident that rocked their Perth campus at the weekend. In a post on the UWA website, the university wrote that all staff and students were required to reset their passwords. 'The University has detected unauthorised access to university password information. As a security measure, all staff and students have been locked out of UWA systems and are required to reset their passwords to gain access,' the message on the home page reads. 'We do not believe any other information has been accessed; however, we are continuing to investigate this incident as our highest priority.' A similar message was shared to the university's Facebook page. In a statement, a UWA spokeswoman said: 'The University of Western Australia is investigating and addressing a cybersecurity incident involving unauthorised access of university password information.' 'We detected this activity and our cyber experts and advisors quickly swung into action,' the spokeswoman said. 'This incident is being treated with the highest priority and there is currently no evidence further information has been accessed. 'The University immediately took preventative action to maintain security and is notifying its staff and students regarding these countermeasures, and we have notified the appropriate authorities. The University apologises for any inconvenience related to this incident.' Speaking to ABC Radio Perth, UWA chief information officer Fiona Bishop said a 'critical incident management team' was deploying countermeasures. She told the program that teams from the university worked 'tirelessly' overnight on Saturday and through the weekend to mitigate the situation. 'We've already moved on to recovery and investigation,' she said. Ms Bishop said there was no evidence any information aside from passwords had been accessed. 'We're very mindful of the impact on students that action took,' she said. 'We're working feverishly to ensure everyone can log on.' A three-day extension has been provided to students in light of the data breach. The attack comes just days after the Australian Information Commissioner announced it was launching legal action against Optus for allegedly failing to protect the data of 9.5 million people in an unrelated, more embarrassing data breach in 2022. The lawsuit alleges that from on or around October 17, 2019 to September 20, 2022, Optus seriously interfered with the privacy of about 9.5 million Australians by failing to take reasonable steps to protect their personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. The case is being pursued as an alleged breach of the Privacy Act 1988.
The Australian
3 days ago
- The Australian
UWA hit by major data breach, students locked out of accounts
Hundreds of staff and students at a major Australian university have been locked out their accounts following a data breach that left their passwords and personal information compromised. The University of Western Australia (UWA) confirmed details of the cyber-security incident that rocked their Perth campus at the weekend. In a post on the UWA website, the university wrote that all staff and students were required to reset their passwords. 'The University has detected unauthorised access to university password information. As a security measure, all staff and students have been locked out of UWA systems and are required to reset their passwords to gain access,' the message on the home page reads. A post on the University of Western Australia's website warns students to change their passwords due to a data breach. Picture: Supplied 'We do not believe any other information has been accessed; however, we are continuing to investigate this incident as our highest priority.' A similar message was shared to the university's Facebook page. In a statement, a UWA spokeswoman said: 'The University of Western Australia is investigating and addressing a cybersecurity incident involving unauthorised access of university password information.' 'We detected this activity and our cyber experts and advisors quickly swung into action,' the spokeswoman said. 'This incident is being treated with the highest priority and there is currently no evidence further information has been accessed. 'The University immediately took preventative action to maintain security and is notifying its staff and students regarding these countermeasures, and we have notified the appropriate authorities. The University apologises for any inconvenience related to this incident.' Speaking to ABC Radio Perth, UWA chief information officer Fiona Bishop said a 'critical incident management team' was deploying countermeasures. She told the program that teams from the university worked 'tirelessly' overnight on Saturday and through the weekend to mitigate the situation. 'We've already moved on to recovery and investigation,' she said. A 'critical incident management team' has been mobilised to deal with the breach, UWA chief information officer Fiona Bishop said. Picture: Supplied / Facebook Ms Bishop said there was no evidence any information aside from passwords had been accessed. 'We're very mindful of the impact on students that action took,' she said. 'We're working feverishly to ensure everyone can log on.' A three-day extension has been provided to students in light of the data breach. The attack comes just days after the Australian Information Commissioner announced it was launching legal action against Optus for allegedly failing to protect the data of 9.5 million people in an unrelated, more embarrassing data breach in 2022. The lawsuit alleges that from on or around October 17, 2019 to September 20, 2022, Optus seriously interfered with the privacy of about 9.5 million Australians by failing to take reasonable steps to protect their personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. The case is being pursued as an alleged breach of the Privacy Act 1988. Blake Antrobus Court reporter Blake Antrobus covers Queensland courts and crime for NCA NewsWire. He began his career in journalism in 2015, migrating from Sydney's northern beaches to southwest Queensland. He has covered politics, crime, education and general news for newspapers across the state. @bt_ant
Fox News
22-06-2025
- Fox News
What to do if you get a password reset email you didn't ask for
You're checking your inbox or scrolling through your phone when something catches your attention. It's a message about a password reset, but you never asked for one. It might have arrived by email, text message or even through an authenticator app. It looks legitimate, and it could be from a service you actually use. Still, something feels off. Unrequested password reset messages are often an early warning sign that someone may be trying to access your account. In some cases, the alert is real. In others, it's a fake message designed to trick you into clicking a malicious link. Either way, it means your personal information may be at risk, and it's important to act quickly. Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide — free when you join. There are a few reasons this might happen: In some cases, the message is legitimate, as seen in the email below, but the request didn't come from you. That is often a sign your login details are already in someone else's hands. Unsolicited password reset alerts can take several forms, each with signs of potential fraud or hacking: No matter how the alert appears, the goal is the same. Either someone is trying to trick you into handing over your credentials, or they already have your password and are trying to finish the job. If you receive a password reset alert you didn't request, treat it as a warning. Whether the message is legitimate or not, acting quickly can help prevent unauthorized access and stop an attack in progress. Here are the steps you should take right away. 1. Don't click on anything in the message: If the alert came through email or text, avoid clicking any links. Instead, go directly to the official site or app to check your account. If the request was real, there will usually be a notification inside your account. 2. Check for suspicious login activity: Most accounts have a way to view your recent logins. Look for suspicious activity like unfamiliar devices, strange locations or logins you don't recognize. A login from a location you have never been to could be a sign of a breach. 3. Change your password: Even if nothing looks wrong, it's a good idea to reset your password. Choose one that is long, complex and unique. Avoid reusing passwords across different accounts. Consider using a password manager to generate and store complex passwords. Get more details about my best expert-reviewed Password Managers of 2025 here. 4. Scan your device for threats: If someone got access to your password, there is a chance your device is compromised. Use strong antivirus software to scan for keyloggers or spyware. 5. Report the incident: If the alert came from a suspicious message, report it. In Gmail, tap the three-dot menu and select Report phishing. For other services, use the official website to flag unauthorized activity. You can also file a report at the FBI's Internet Crime Complaint Center if you suspect a scam. You can take a few steps to try to reduce the number of emails you receive requesting a password reset. 1. Double-check your username and password. When accessing your account, you may have a typo in your login information. Should you repeatedly attempt to access your account with this error, the company that holds the account may believe a hacking attempt is occurring, triggering an automatic reset. If your web browser automatically populates your username and password for you, make sure this information is free of typos. 2. Remove unauthorized devices. Some accounts maintain a list of devices authorized to use your account. If a hacker manages to gain some of your personal information, it may be able to add one of his devices to your authorized list, triggering account login errors as he tries to hack your password. Check the list of authorized devices and remove any items you don't recognize. The process varies, depending on the type of account. We'll cover steps for Microsoft, Gmail, Yahoo and AOL. Microsoft Gmail: Yahoo: AOL: Remember to regularly check your account settings and authorized devices to ensure the security of your accounts. If you suspect any unauthorized access, it's also a good idea to change your passwords and review your account recovery options. 3. Sort such messages to spam. If you'd prefer to simply not see these kinds of email messages, set up your email client to sort messages like this to a spam folder. (Because many of them are spam, some email clients do this automatically.) Should you ever legitimately request a password reset, though, you'll need to remember to look in the spam folder for the message. 4. Use a static IP address. Some accounts attempt to recognize your device through your IP address. If you have a dynamic IP address, your IP address changes constantly, meaning the account may not recognize your device, triggering the reset message. This often occurs because you are using a VPN. See if your VPN allows you to use a static IP address. Even if this was a one-time scare, it is important to tighten your overall security. Here are a few simple habits that go a long way: 1. Use strong and unique passwords: Use a password manager to create secure, one-of-a-kind passwords for each account. Get more details about my best expert-reviewed Password Managers of 2025 here. 2. Consider using a personal data removal service: If you're receiving password reset emails from accounts you don't remember signing up for, or from multiple services, there's a good chance your personal information is exposed on data broker sites. These companies collect and sell your data, including your email, phone number, home address and even login information from old accounts. Using a reputable data removal service can help you automatically identify and request the removal of your personal data from these sites. This reduces your risk of identity theft, credential stuffing, phishing and spam. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren't cheap — and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It's what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here. Get a free scan to find out if your personal information is already out on the web 3. Turn on two-factor authentication (2FA): Enabling 2FA is one of the most effective ways to stop unauthorized access, even if someone has your password. When 2FA is active, anyone trying to log in must also complete a second verification step, usually through an app on your phone. If an attacker triggers a login attempt, you will receive a prompt to approve or deny it. This gives you the power to block the attempt in real time and confirms that 2FA is working as intended. 4. Install strong antivirus software: Install strong antivirus software to catch malware before it causes harm. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices. 5. Review your account settings: Make sure your recovery phone number and email are current. Remove any outdated or unused backup methods. 6. Keep your software up to date: Keep your device software and apps up to date to patch security vulnerabilities that attackers often exploit. 7. Use a VPN to protect your online activity: Avoid public Wi-Fi or use a VPN to protect your information when browsing on unsecured networks. Consider using a VPN to protect against hackers snooping on your device as well. VPNs will protect you from those who want to track and identify your potential location and the websites that you visit. For best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices It's easy to brush off an unexpected password reset message, especially if nothing else seems out of place. But these alerts are often the digital equivalent of a knock at the door when you weren't expecting anyone. Whether it's a hacker probing for a way in or a scammer trying to bait you, the smartest move is to treat every unexpected security message as a wake-up call. Taking just a few minutes to check your login history, secure your accounts and update your passwords can make all the difference. Cybersecurity isn't just for experts anymore. It's an integral part of everyday life. And the more proactive you are now, the less likely you'll be dealing with damage control later. Are tech companies doing enough to protect users from password threats, or are they putting too much responsibility on individuals? Let us know by writing to us at For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Follow Kurt on his social channels Answers to the most asked CyberGuy questions: New from Kurt: Copyright 2025 All rights reserved.
