News

Actions

SDSU student says hacker assumed her identity

Posted

A San Diego State student said a hacker took over her identity for 12 hours.

"It was very creepy. I was upset and crying," said Katie McClure.

On Sept. 30, the SDSU junior couldn't log into her Facebook page because her password didn't work.

About 15 minutes later, another student texted her a screengrab of a Facebook chat in which someone using her account asked for a favor.

According to McClure, the message said: "Can I sign onto your SDSU login to get Wifi? I can't get mine to work for some reason."

A screengrab from another friend reveals more of the cover story.

"I just need to get on for like 2 seconds to email my mom a pdf of my passport," McClure read from the chat log.

Throughout the night, she got about five texts from friends and acquaintances around the country, wondering what was going on.

In each case, the hacker used banter and personal details, including the fact that McClure was getting a passport. It was likely gleaned from accessing her email account and reading her emails.

The student login is a portal to financial, housing and even medical information.

"I was totally upset because someone totally violated me and who I was. Knowing somebody is out there trying to be the person you've created for yourself is terrifying, uncomfortable and upsetting," said McClure.

McClure went to school's IT Security Office. Twelve hours after it began, she took back control of her accounts and heard from more of her friends.

"Unfortunately, the majority fell for it," said McClure.

Those friends quickly changed their passwords.

According to the IT Security Office, it doesn't appear any of McClure's information was accessed.

As for her friends, it's unclear whether personal information was compromised, but the incident has left McClure nervous.

"It's the fact you don't have control over who you are," said McClure.

It's also unclear how McClure's accounts were hacked, but she said her new passwords are much stronger.

The school's IT Security Office suggests users obtain password management software, which can encrypt passwords.