Following cleanup from the highly publicized Heartbleed security vulnerability, NC State’s Office of Information Technology is strongly recommending that NC State Unity account holders change their password. Heartbleed, a security flaw in a widely used technology that encrypts data transferred online, allows attackers to steal sensitive data, including passwords.
OIT staff have worked to patch affected servers and to identify other vulnerable services since the security flaw went public April 7. There are no signs that the vulnerability was exploited to tap into any NC State services, but it’s best to play it safe.
What should you do?
- Change your Unity password by typing “ncsu.edu/password” into your browser. It’s safer to type the URL directly than to click on a link. You will be directed to “sysnews.ncsu.edu/passwd.”
- Change your password on other accounts you have that might have been impacted. Always use unique passwords for each of your online accounts.
- To keep track of your passwords, consider using a password manager like KeePass, LastPass or 1Password.
- Look out for phishing schemes that will likely exploit this bug. Do not click on suspicious or unknown links in email.
OIT continues to monitor this situation and will attempt to contact owners of any additional devices still found to be vulnerable. If needed, further information will be distributed through IT staff channels and via SysNews. Questions should be directed to the NC State Help Desk at firstname.lastname@example.org or 515.HELP (4357).