Last Friday, Michael Cato, senior vice president and chief information officer of Information Technology (IT), sent a campus-wide email detailing email hacks that occurred through Chegg, Bowdoin’s previous online textbook vendor, as well as continuing WiFi connectivity issues. According to one email, the breach contained email addresses, shipping addresses, usernames and passwords.
Although IT never released passwords or other personal information to Chegg, some customers incidentally used their Bowdoin account passwords for their purchases. Hackers then used those passwords to access Bowdoin’s old email service called SMTP. IT has further resolved the issue by prohibiting off-campus access to the old email service.
Cato compared SMTP to a U.S. Postal Service mailbox on the sidewalk—anyone can walk up to it, drop a message in and have it sent. Bowdoin’s SMTP mailbox required a name and password to send an email but was accessible from anywhere. Effectively, IT has now moved the mailbox inside of a building, so you need to be in the building—on campus—to use the mailbox.
“Last year hackers stole over 40 million records from Chegg,” Cato wrote in an email to the Orient. “The SMTP service is still used by some systems, but no longer needs to be accessible to the entire Internet.”
Cato clarified that turning off this old service would have no effect on the new Office 365 email service.
IT has notified the students whose accounts were hacked, and the next time they log into a Bowdoin system or service, they will first be required to change their password. Cato said that if the students who were hacked reset their passwords the security breach should be resolved. IT also recommends that affected students change their passwords for any other accounts with the same password and that students not use their Bowdoin email passwords for other accounts.
Elizabeth Fosler-Jones ’20, who was affected by the breach, went to the IT Help Desk after changing her password because she was unable to login to the Bowdoin WiFi network or to her Bowdoin email on her phone.
“It isn’t a big issue, just inconvenient,” she said.
This fall, other Bowdoin community members in addition to Fosler-Jones have experienced problems connecting to the WiFi network. Having resolved the email hack, IT is now focused on resolving problems with a new WiFi system that was installed this summer.
With the new system, Aruba, devices temporarily lose their ability to ‘communicate’ even though they are still connected to the network. When the College discovered the problem, IT started working remotely with engineers from Aruba to troubleshoot and resolve these issues. Earlier this week, the engineers arrived on campus to work further in-person.
Cato said there are currently no plans for large scale changes to Bowdoin’s WiFi.