Account lockouts on September 26 and 27, 2019

On September 26 and 27 CCS temporarily locked 487 people out of their my.ryerson accounts. That meant they could not access their email, RAMSS, D2L, and other Ryerson services until they worked with the CCS help desk to unlock their account.

Earlier that week, CCS became aware that a database containing stolen usernames and passwords was available online. The database was stolen from Chegg, a company that provides textbook rentals and other online services. Ryerson email addresses made up 2,134 of the millions of database entries.

Since the database is readily available online, anyone at Ryerson who used the same password at Chegg and at Ryerson was at risk of having their Ryerson account hijacked. We are also aware from reports at other universities that accounts are being hijacked using the Chegg breach database.

Ryerson’s IT security team obtained the password database and found 487 accounts where the Chegg and Ryerson passwords were identical.

Almost all of the 487 accounts were not protected by two-factor authentication, which would have helped protect them from attackers using the Chegg breach database.

Please accept our apologies for any frustration or inconvenience caused by the actions we took to protect these accounts.

-Computing and Communications Services

This entry was posted in All Categories. Bookmark the permalink.