Current News



Leaked emails and passwords were from 'third-party data breaches,' University of Michigan says

Nisa Khan, Detroit Free Press on

Published in News & Features

DETROIT -- Thousands of University of Michigan students got a scare Friday night: warnings circulating on social media about an apparent data breach leaking their U-M email addresses and passwords.

On Saturday, the University of Michigan released a statement saying the information was from older "third-party data breaches, such as Chegg, Zynga, LinkedIn" where users used their student emails to sign up register.

The release emphasized there was no data leak from the university's end, and stressed students should not use the same passwords outside of U-M services. The university's Information and Technology Services department said it will reset a small number of affected accounts and send notices to owners of accounts that have been exposed.

This is not the first time that Chegg, an online textbook website, has worried users: The University of Michigan last year released a notice about a 2018 Chegg data leak.

Chegg acknowledge the breach, saying its passwords were protected by a "hashing algorithm" and that financial information had not been compromised.

U-M said the 2020 list is a compilation of older previously published and circulated lists. This has also impacted other colleges across the country, including Miami University and the University of California, Berkley.


LinkedIn, the professional networking site, had its breach in 2016. Zynga, a developer company that hosts games like Words With Friends, had a breach in 2019.

(c)2020 Detroit Free Press

Visit the Detroit Free Press at

Distributed by Tribune Content Agency, LLC.