Targeted attack against user identification (updated 27.6.)

The Haaga-Helia environment has been attacked in order to collect user IDs, lock them and direct users to a phishing site to reveal their IDs and passwords. 


Update 27.6.: Sign-in to Moodle, Peppi and other systems, except O365, has not worked because of a maintenance break.

The number of cracked IDs has been minimal, and we have contacted all of those users in person. Sign-ins to systems other than the library have not been observed.

We are monitoring the situation, and if we discover something unusual we will react. We will work in co-operation with the authorities to find out the source of this attack. We will discontinue reporting the situation on this page.

Update 13.6.: Changing your password to one of your own choosing is no longer possible via the network interface (the form on the website). If you want to set a password of your choice, you can do it on campus using Haaga-Helia devices. You can reset a forgotten password or ID after logging in to suomi.fi authentication. If you do not have suomi.fi authentication, the HelpDesk can change your password for you upon request.

Update 12.6.: The situation has been calm. Only a few passwords have been discovered by the attacker, and we have managed to secure them. We urge all students to ensure the strength of their passwords. Please see examples of good passwords at the end of this news article. It is important that you do not use the same password on other services. An attacker may have a list of leaked, commonly used passwords to try to log into other services. When passwords are different, a password leaked from one place will not open access to other services.

Update 11.6.: The attack on the user IDs has calmed down. However, we have tightened our ID locking policy. Passwords are now more easily locked and stay locked for longer periods of time. If you have a problem, please contact the Haaga-Helia HelpDesk.



An attempt has been made to hack into Haaga-Helia accounts, mainly student accounts, which has caused the accounts to be locked. The lock stays on for a certain period of time, and the account cannot be used during this time.

Users have reported that they cannot access Moodle etc., and after this they have been redirected to a website where they are asked to reset their account. 

We do not recommend resetting the account; instead, wait a while and try again. An account that has been locked due to an attack will be unlocked later. Contact HelpDesk if you have problems using your account.

This denial of service / brute force attack has continued over the weekend. Because of this attack, we had to close some of our library services. If you notice something unusual, contact HelpDesk.

Be extremely careful: if user account information has been discovered by the attacker, the risk of phishing emails and password cracking has risen.

We are working to solve this problem. There may be breaks in services, but we try to keep them as short as possible.

Check the strength of your password

Please make sure that the password for your account is strong enough. A good password is long enough and contains special characters. 

Students can change their password for the Haaga-Helia environment according to the instructions below:

Student user IDs and passwords
