Report of Unauthorized Login to Sophia Integrated Database
January 9, 2024
Sophia University
- Overview of Unauthorized Login
There is a possibility that the user information of 10 current students and graduates may have been tampered with due to unauthorized login to the “Sophia Integrated Database” system, which manages the information of Sophia ICT accounts and Sophia Mail.
The discovery was made when inquiries from one current student and one graduate about being unable to log in to the mail system continued from around December 16 (Saturday). Upon checking the logs, 10 cases of unauthorized login were confirmed. - Unauthorized Login Period and Access Source
It is possible that the unauthorized login occurred between December 15, 2023 to December 17, 2023. (Investigation is ongoing for the period before that.) The IP addresses that were the source of unauthorized access were mainly from overseas (multiple). - Potentially Tampered Content
Upon reviewing the logs of the “Sophia Integrated Database” system, it was discovered that the password and reminder information of the target individual had been changed. - Response Status
The passwords of all affected individuals have been forcibly changed, and reminder registration information has been cleared. On Thursday, December 21, we posted a warning for the attention of everyone on campus, including students and faculty members. - Cause Investigation
The cause of this issue is currently under investigation. At this time, possible factors include the reuse of the same login ID (email address) and password, and the possibility of unauthorized logins by third parties who obtained the information from other commercial sites, etc. (list-type account hacking).
Additionally, it has been confirmed that the Sophia mail accounts of the affected individuals were not used as a stepping stone for spam emails, etc., based on a review of the 7-day sending records. - Request to Sophia ICT Account Users (Regarding Password Management)
We would like to request the following matters to all users who utilize Sophia ICT accounts (Sophia mail, moodle):
-Complicate passwords
-Do not reuse the same password for multiple systems, etc.
-Do not write and store/manage passwords on paper
-Use password management tools, etc.
Please change your password from the Sophia University Integrated Database.
https://idb.sophia.ac.jp/sophiaDBunion/login/
Information on how to change the password for Sophia ICT accounts (Sophia mail, moodle)
https://ccweb.cc.sophia.ac.jp/en/userguide/password/pass-02-en/
Inquiries regarding this matter:
Sophia University ICT Office
ict-support[atmark]sophia.ac.jp