- NEWS
- Unsolicited Emails due to Unauthorized Access
2022/11/25
Unsolicited Emails due to Unauthorized Access
Unauthorized access to an e-mail account of one of our faculty members has been identified, and that account was used as a stepping stone to send unsolicited e-mails to an unspecified number of people.
We apologize for any inconvenience this may have caused those who received these e-mails.
Although we have not confirmed any secondary damage, such as personal information leakage, we will take measures to prevent a recurrence.
1. Background
On November 1, 2022, there was a report from a faculty who had been receiving a large volume of unsolicited e-mails. We investigated and found that the e-mail account had been illegally logged in on October 31, the day before the incident and that a large volume of unsolicited e-mails had been sent out from the account.
Most of the outgoing e-mails were blocked by the security functions of the e-mail system, and a large number of unsent notifications were returned to the faculty member as error e-mails.
2. Situation of Damage
(1) Unauthorized access
-The logs revealed that there had been an unauthorized login to the faculty member's e-mail account at 16:01 on October 31, 2022.
-There was no evidence of unauthorized login attempts prior to that time in the logs.
(2) Unsolicited e-mail sent by a stepping stone
-The logs revealed that between 16:01 on October 31 and 01:46 on November 1, 2022, 795 unsolicited e-mails were sent out. But 11 of these messages reached the recipients, while the security functions of the e-mail system blocked the remaining 784.
(3) Information Leakage
- All unauthorized accesses were Authenticated SMTP client applications.
- No leakage of personal information has been confirmed at this time.
- The e-mails were sent to unrelated addresses with no history of communication with the faculty member.
3. Countermeasure
- The password was changed, and multi-factor authentication was set up on November 1, as reported by the faculty.
- The university sent personal apologies to those who received the unsolicited e-mails.
- We investigated the university's systems and found that there was no evidence of unauthorized access other than the e-mail system, and the method and route of the unauthorized access are still unknown.
4. Further Actions
- We will further improve the information security awareness of the university's faculty and staff.
- We will expand with the spread of multi-factor authentication across all faculty and staff.
-We will abolish legacy authentication, such as SMTP authentication, which was abused in this case.
For inquiries regarding this matter, please contact
Soka University CSIRT E-mail: su-csirt@soka.ac.jp
We apologize for any inconvenience this may have caused those who received these e-mails.
Although we have not confirmed any secondary damage, such as personal information leakage, we will take measures to prevent a recurrence.
1. Background
On November 1, 2022, there was a report from a faculty who had been receiving a large volume of unsolicited e-mails. We investigated and found that the e-mail account had been illegally logged in on October 31, the day before the incident and that a large volume of unsolicited e-mails had been sent out from the account.
Most of the outgoing e-mails were blocked by the security functions of the e-mail system, and a large number of unsent notifications were returned to the faculty member as error e-mails.
2. Situation of Damage
(1) Unauthorized access
-The logs revealed that there had been an unauthorized login to the faculty member's e-mail account at 16:01 on October 31, 2022.
-There was no evidence of unauthorized login attempts prior to that time in the logs.
(2) Unsolicited e-mail sent by a stepping stone
-The logs revealed that between 16:01 on October 31 and 01:46 on November 1, 2022, 795 unsolicited e-mails were sent out. But 11 of these messages reached the recipients, while the security functions of the e-mail system blocked the remaining 784.
(3) Information Leakage
- All unauthorized accesses were Authenticated SMTP client applications.
- No leakage of personal information has been confirmed at this time.
- The e-mails were sent to unrelated addresses with no history of communication with the faculty member.
3. Countermeasure
- The password was changed, and multi-factor authentication was set up on November 1, as reported by the faculty.
- The university sent personal apologies to those who received the unsolicited e-mails.
- We investigated the university's systems and found that there was no evidence of unauthorized access other than the e-mail system, and the method and route of the unauthorized access are still unknown.
4. Further Actions
- We will further improve the information security awareness of the university's faculty and staff.
- We will expand with the spread of multi-factor authentication across all faculty and staff.
-We will abolish legacy authentication, such as SMTP authentication, which was abused in this case.
For inquiries regarding this matter, please contact
Soka University CSIRT E-mail: su-csirt@soka.ac.jp
ページ公開日:2022/11/25