Here’s the e-mail that members of the free Web site got from Todd Gibby, president of Hobsons Higher Education division and that was posted on the Web site:
I am writing to provide you with information about security incidents that occurred on CollegeConfidential.com between February 5-10. During these incidents the site may not have functioned as designed, and specifically users may have been redirected to Twitter, Facebook, or other external sites. In other cases, the site may not have been available. However, during each case the effects were mitigated and the site was quickly brought back to normal functionality.
These events have prompted us to notify you about what happened and related actions that we recommend you take. First, an unauthorized user did gain access to the site, although, there is no evidence that data was accessed or downloaded. However, there is a potential risk that login information for other external sites was accessed or viruses were introduced for those users who were redirected to those sites.
Based on these events, we are making the following precautionary recommendations:
• You should change your password on College Confidential and for any other site in which you use the same password.
• If you were using the site between February 5-10 and were redirected to Twitter, Facebook, or other external sites, you should also change your password to those sites and run anti-virus software on your device.
Following is a compilation of industry best practices for password security:
• Variety – Don’t use the same password on all the sites you visit.
• Don’t use a word from the dictionary.
• Length – Select strong passwords that can’t easily be guessed with 10 or more characters.
• Think of a meaningful phrase, song or quote and turn it into a complex password using the first letter of each word.
• Complexity – Randomly add capital letters, punctuation or symbols.
• Substitute numbers for letters that look similar (for example, substitute “0″ for “o” or “3″ for “E”.
• Never give your password to others or write it down.
• Sign out of your account after you use a publicly shared computer.
We would like to thank you for using College Confidential and want to assure you that we are consistently monitoring our web properties for security risks and making modifications to ensure secure environments. To that point, we are releasing additional patches on the site on February 14. At 5am EDT there will be up to two hours of planned downtime related to this release. If you should have additional questions, please send an email to CCquestions@hobsons.com.
President, Hobsons Higher Education division