Access Account IDs compromised by StudyRoom website

The University has learned that the commercial website getstudyroom.com has been capturing and exploiting confidential information from Penn State students, faculty and staff in order to gain access to ANGEL. This is in violation of Penn State’s AD20 Computer and Network Security policy and could compromise the privacy of student, faculty and staff information such as income and financial data, grades, email, certain health records and similar personal information.

During the last few weeks, as Penn State students, faculty and staff signed up for accounts with getstudyroom.com, the website encouraged those individuals to provide their Penn State Access Account user IDs and passwords in order to invite other members of the University community to join the website. Once a Penn State Access Account user ID and password was provided to getstudyroom.com, the website used that information to log on to ANGEL as the user associated with that user ID and password.

According to security officials, a small group of Penn State community members had their Penn State Access Accounts compromised by getstudyroom.com. These individuals will receive an email from Penn State, requiring them to change their passwords to protect their privacy and confidential information. The email will also provide instructions and resources for changing passwords and will explain that any passwords that aren't changed will expire on Monday, Feb. 17. Those individuals with compromised accounts will continue to receive email reminders until they have changed their passwords.

The University has no reason to believe that getstudyroom.com has accessed any Penn State systems other than ANGEL. However, any students, faculty or staff who have given getstudyroom.com their Penn State Access Account user IDs and passwords should visit https://www.work.psu.edu/password/ as soon as possible to change their passwords. Changing their Penn State passwords will help ensure that further personal information will not be accessed.

Members of the University community should never share their Penn State Access Account user IDs and passwords with any individual, and they should never provide such information to any website or service not associated with Penn State.

World Campus users who have questions or need assistance changing their passwords should contact the World Campus HelpDesk at 800-252-3592 (select option number 4) or 814-865-0047. All other faculty, staff and students should contact the IT Service Desk at 814-865-4357 or the Accounts Office at 814-865-4772.

Last Updated February 04, 2014