John Hey on WOOD TV8: Online Crooks Selling Stolen, Emails

GRAND RAPIDS, Mich. (WOOD) — New research found millions of college email addresses circulating on the Dark Web, hundreds of thousands of which are connected to universities in Michigan.

The report comes from the Digital Citizens Alliance, a cooperation of businesses, consumers and experts who work to promote internet safety. Researchers scanned the Dark Web — the term used for corners of the internet where criminals do business — and found 13,930,176 stolen email accounts connected to universities around the U.S. as of March 2.

The group found that the largest number of those credentials are from the University of Michigan — some 122,556 accounts were available.

Researchers said the email addresses aren’t from a massive data breach at U of M, but more likely from data breaches at other sites where people have used their .edu addresses and passwords, like social media sites or online shopping.

Michigan State University had the fourth-most stolen emails on the Dark Web with 115,973. In all, there were 408,644 stolen email addresses from schools in the state of Michigan.

Other universities with a high number of pirated credentials included Pennsylvania State University, the University of Minnesota-Twin Cities and Ohio State University.

Crooks use the credentials to run scams or as entry points to steal more personal information.

“Just like with any email address, it’s a bread crumb towards identity theft,” John Hey, the COO of Grandville-based IT firm Trivalent Group, explained to 24 Hour News 8. “So they can use that to correlate other information to perhaps learn more about your identity, then use that to compromise something else. The other thing is that these .edu email addresses are considered more trustworthy. And think about for a moment all those things you get student and faculty discounts on — Amazon Prime memberships and music downloads.”