Around 38,000 students at a university in Germany have been told to physically line up for a new email password after the university’s servers were targeted by hackers.

Justus Liebig University (JLU) in Giessen, near Frankfurt, was hit by a malware attack earlier this month, prompting its IT staff to shut down all of its computer systems, ZDNet reported. The incident is currently being investigated by Germany’s Research Centre for Cyber Security, though information about the specific nature of the malware attack has yet to be disclosed.

Fearing that the malware may have reached its email server, the IT team decided to reset the passwords for all of the email accounts handled by the university.

But the only way the students can obtain their new password is by lining up at the university gym to collect it from staff. The passwords are reportedly being handed out on pieces of paper.

It appears that the somewhat low-tech method for resetting passwords is down to a German law that prevents educational establishments from giving out such information electronically.

The University in Gießen, Germany had a security incident that required resetting the passwords of 38000 students. Students are lining up to get their new passwords on paper, after identity verification. More about the incident on the bottom of this page: https://t.co/uMBOi2MpJr pic.twitter.com/QEKcPMZ2Sk — svbl (@svblxyz) December 17, 2019

To ensure that the delivery of the new passwords is performed in an orderly manner, the university has created a collection schedule stipulating a date and time based on an individual’s month of birth. It’s expected to take five days to complete the process of handing out the passwords to the thousands of people affected.

The malware attack is proving to be a real headache for staff at the university tasked with getting its computer systems up and running again. They’re currently using some 1,200 USB sticks loaded with anti-virus scanners to check each and every one of the university’s computers for the malware. The most recent reports said the IT team had to re-scan the machines last weekend after the anti-virus software received an update to make it more effective. Once a computer is deemed to be clean, it can be reconnected to the university’s network.

We trust that none of the passwords being handed out by the university are on the list of worst passwords for 2019. Announced this week by cybersecurity firm SplashData, they include “12345”, “123456”, “1234567” and, would you believe, “12345678”.

Oh, and if you’re using any of these, perhaps it’s time you switched to a password manager instead.

Editors' Recommendations