Why did I get an email about Leaked Credentials?
The Queen’s IT Services Security team recently became of the following. In April 2023, the stolen identity marketplace Genesis Market was shut down by the FBI and a coalition of law enforcement agencies across the globe in "Operation Cookie Monster". The service traded in "browser fingerprints" which enabled criminals to impersonate victims and access their online services. As many of the impacted accounts did not include email addresses, "8M" is merely an approximation intended to indicate scale. Other personal data compromised by the service included names, addresses and credit card information, although not all individuals had each of these fields exposed. If you were directly notified by IT Services in an email about this breach, then your Queen's email address was included in the list of accounts that were part of this breach at Genesis Market. As a precaution, Queen’s IT Services will expire the passwords of any Queen’s account found to be listed on the breached accounts list to ensure that the password posted will no longer be valid.

What should I do to protect myself?
If you received an email message from IT Services concerning the posting of your credentials, you will be sent additional emails requesting you to change your password, prior to your password expiring. NetID passwords are changed at https://netid.queensu.ca/selfservice/login/auth

We also encourage you to take the following actions to better protect yourself and your information:

Do not reuse passwords across your accounts.
If you have used your Queen’s password on multiple sites, we strongly encourage you to change that password on every other site where it has been used.
Be extra diligent of scams that may reference your Queen's account.

What data was compromised?
According to reports, browser user agent details, Credit card CVV, Credit cards, Dates of birth, Email addresses, Names, Passwords, Phone numbers, Physical addresses, Usernames, were all part of the data breach.

Why is Queen’s expiring passwords for potentially breached accounts?
Queen’s account holders who fail to follow safe password practices are at risk when breaches like this occur. To protect your Queen’s account IT Services are taking this action to prevent account compromises by ensuring all accounts associated with the posting of credentials have refreshed passwords.

What caused the data breach?
It is believed that data like this is obtained from the mining of 3rd party breached data which has been posted online in the past. Account information obtained through other online service breaches are reviewed by hackers and when simple passwords are found, they are tested against other services to see whether the password is still valid with slight variations. IT Services obtain breach information from the service called “Have I Been Pwned?” . Visiting the website https://haveibeenpwned.com/ will allow you to enter and check your Queen’s University email address against all publicized breaches that reference your Queen’s email address. The site also provides details about the data breach, including links to additional information.