How would I know if my CalNet credentials were compromised?

You may not always know. Scams and malware that steal passwords are designed to be stealthy and unnoticed.
 
Passwords are most frequently compromised one of three ways:
  • Being tricked to giving up your credentials at a real-looking but scam website (AKA Phishing)
  • Malware or other compromises of your device which installs software designed to run in the background and steal passphrases
  • Re-using CalNet credentials for non-UCB websites, and the non-UCB websites are hacked and all credentials exposed

However, a couple of tell-tale signs of credential compromise are:

  • Your colleagues and friends have received unexpected messages from your email account (spam or additional Phishing emails)
  • You suddenly cannot login with your CalNet credentials because an attacker has changed your passphrase
The best defense addresses all three main threats:
  • Know how to evaluate whether websites asking for your passphrase are legitimate. When in doubt, ask by sending an email to itcsshelp@berkeley.edu or contacting ITCS at 510-664-9000
  • Only use devices that are up-to-date. This means patches for all software are installed as soon as the patches become available, that the browsers are configured for maximum security, and the device otherwise meets the campus Minimum Security Standards for Networked Devices.
  • Do not reuse your CalNet passphrase for other websites

If in doubt regarding the security of your CalNet account, change your CalNet passphrase!

When changing your CalNet passphrase, be sure to do so from a machine you believe is not infected by malware or otherwise compromised. Anti-malware and antivirus scans should result in a "clean" report (no infections) for the machine you intend to use to change your CalNet passphrase from.

Note: The Information Security Office is sometimes informed when passwords associated with UC Berkeley accounts are exposed in public forums or discovered during breach investigations. In these cases, we may test the exposed passwords to see if they are valid CalNet passphrase. If the passphrase is validated, it will be scrambled immediately and the account deactivated until the account owner is contacted to create a new passphrase. This testing is done only for validation purposes and is not used for access to the account holder's email or other electronic services.

Please see Why did I get a Credential Exposure notice and what should I do? for information on what to do if you receive an ISO Security notification for exposure of your account credentials.