Oxford beats Cambridge for data security

A cybersecurity firm found that Cambridge had its email addresses stolen more than twice as often as Oxford


Oxford University’s quality of data protection is far better than Cambridge’s, according to a leading cybersecurity firm.

RepKnight searched the dark web – a seedy but massive back-alley to the normal internet – and found more than twice as many stolen Cambridge email addresses as Oxford email addresses.

As part of their campaign to raise awareness of hacked credentials, the firm scoured the dark web for stolen Oxbridge email addresses using their monitoring tool Breach Alert. They found around 400,000 stolen addresses with the cam.ac.uk domain, and less than half that number with the ox.ac.uk domain.

The addresses were found across numerous dark web sites that serve as warehouses for stolen information. Collectively, those warehouses store “more than five billion stolen, leaked or hacked credentials.”

Though the term “credentials” might suggest passwords or security answers, email addresses alone could be turned against users and institutions. RepKnight warns of how hackers use stolen university emails, including doing anything from conducting phishing scams to using university systems as proxies to conduct illegal operations.

Patrick Martin, the firm’s cybersecurity analyst, said: “It is often assumed that cybercriminals are primarily targeting commercial businesses. However, it’s not hard to see why the confidential data stored at universities might be a valuable commodity for criminals, given the links those institutions have to government agencies, supra-national organisations like the EU, and the private sector.

“Like most industries, universities are working hard to improve their cyber security capabilities. But the best network security often can’t defend against someone logging in using a stolen username and password. The vast majority of the credentials we see on the Dark Web are from third-party breaches, where an email address had been used on a site like LinkedIn or Dropbox, and that site was subsequently compromised – often including the user’s password.”

The findings come after Christopher Wylie’s revelations regarding his former employer Cambridge Analytica’s data gathering practices. Andrew Nix, CEO of the British Big Data firm, bragged to an undercover reporter of swinging elections using prostitutes and sting operations, among other underhanded methods.

Facebook employees have also come forward accusing Cambridge Analytica of mining users’ data to influence their vote.

Sandy Parakilas, former platform operations manager at Facebook, told the Guardian that hundreds of millions of Facebook users could also be targeted by other companies using the same methods as Cambridge Analytica.

For Cherwell, maintaining editorial independence is vital. We are run entirely by and for students. To ensure independence, we receive no funding from the University and are reliant on obtaining other income, such as advertisements. Due to the current global situation, such sources are being limited significantly and we anticipate a tough time ahead – for us and fellow student journalists across the country.

So, if you can, please consider donating. We really appreciate any support you’re able to provide; it’ll all go towards helping with our running costs. Even if you can't support us monetarily, please consider sharing articles with friends, families, colleagues - it all helps!

Thank you!