The Washington Post

CollegeConfidential Web site hacked

Here’s a good teachable moment about how to create online passwords: The Web site CollegeConfidential, which provides resources on various aspects of the college experience, was hacked.

Here’s the e-mail that members of the free Web site got from Todd Gibby, president of Hobsons Higher Education division, and that was posted on the Web site:

I am writing to provide you with information about security incidents that occurred on between February 5-10. During these incidents the site may not have functioned as designed, and specifically users may have been redirected to Twitter, Facebook, or other external sites. In other cases, the site may not have been available. However, during each case the effects were mitigated and the site was quickly brought back to normal functionality.
These events have prompted us to notify you about what happened and related actions that we recommend you take. First, an unauthorized user did gain access to the site, although there is no evidence that data was accessed or downloaded. However, there is a potential risk that login information for other external sites was accessed or viruses were introduced for those users who were redirected to those sites.


Based on these events, we are making the following precautionary recommendations:
• You should change your password on College Confidential and for any other site in which you use the same password.
• If you were using the site between February 5-10 and were redirected to Twitter, Facebook, or other external sites, you should also change your password to those sites and run anti-virus software on your device.


Following is a compilation of industry best practices for password security:
• Variety – Don’t use the same password on all the sites you visit.
• Don’t use a word from the dictionary.
• Length – Select strong passwords that can’t easily be guessed with 10 or more characters.
• Think of a meaningful phrase, song or quote and turn it into a complex password using the first letter of each word.
• Complexity – Randomly add capital letters, punctuation or symbols.
• Substitute numbers for letters that look similar (for example, substitute “0” for “o” or “3” for “E”).
• Never give your password to others or write it down.
• Sign out of your account after you use a publicly shared computer.


We would like to thank you for using College Confidential and want to assure you that we are consistently monitoring our web properties for security risks and making modifications to ensure secure environments. To that point, we are releasing additional patches on the site on February 14. At 5am EDT there will be up to two hours of planned downtime related to this release. If you should have additional questions, please send an email to



Todd Gibby
President, Hobsons Higher Education division

Valerie Strauss covers education and runs The Answer Sheet blog.



Valerie Strauss · February 14, 2013
