Following cleanup from the highly-publicized Heartbleed vulnerability, OIT is strongly recommending that NC State Unity account holders change their password. Heartbleed, a security flaw in a widely used technology that encrypts data transferred online, allows attackers to steal sensitive data like passwords.

University IT staff have worked diligently to patch affected servers and identify other vulnerable services since the security flaw went public April 7. There are no signs that the vulnerability was exploited to tap into any NC State services, but it’s best to play it safe.

What should you do?

• Change your Unity password by typing “ncsu.edu/password” in to your browser. (It’s safer to type the URL directly than to click on a link.) You will be directed to “sysnews.ncsu.edu/passwd.”
• Change your password on other accounts you have that might have been impacted. Always use unique passwords for each of your online accounts.
• To keep track of your passwords, consider using a password manager like KeePass, LastPass or 1Password.
• Look out for phishing schemes that will likely exploit this bug. Do not click on suspicious or unknown links in email.

OIT continues to monitor this situation and will attempt to contact owners of any additional devices still found to be vulnerable. If needed, further information will be distributed through IT staff channels and via SysNews.

Questions should be directed to the NC State Help Desk at help@ncsu.edu or 919.515.HELP (4357).