2. What the attackers may have done

Once the attackers gained access to your account they may have stolen personal data from your emails. Some University systems use the same credentials as your Nexus email (your single sign on credentials), so if it was your Nexus email which was compromised the attackers may have accessed other systems as well. Information about which services use single sign on can be found at:

http://www.oucs.ox.ac.uk/webauth/oxfordusername.xml?ID=services

If the compromised email account is run by your college or department those credentials may still be linked to other systems, in this case please contact your local IT support staff for more information.

You will also need to consider any services which may send password reset or reminder emails to the compromised account, as the attacker may now have access to those accounts as well. These may include services within the University, other academic resources, and personal accounts such as those for Amazon, GMail, or Facebook.

If the attacker has reset a password it should be obvious as you will no longer be able to access that account. However be aware that if a service simply generates a password reminder email which the attacker has deleted, you may be unable to tell if they have access to that account. If in any doubt, set a new, unique password for the account in question.

Up: Contents Previous: 1. How your account could have been compromised Next: 3. What to do next