Password Dump Notifications

The goal of the "Password Dump Notification" sent to users is to inform them about potentially compromised accounts.

Passwords are the key token for accessing computing services at CERN but also on the World Wide Web. Very often, however, such external computing service providers fail to properly protect those passwords, do not apply proper hashing methods, or just let their password databases completely unprotected. Subsequently, those databases get exposed, their contents stolen, and put for sale on the Dark Web or publicly offered for download. Often they become public. This fine website lists publicly known breaches and allows you to check whether passwords or other credentials linked to your email addresses are concerned.

The Computer Security Team has its own sources for such so-called "Password Dumps". Everytime new password dumps surface, we will notify you for all leaked credentials linked to your CERN email addresses or registered external email addresses, including all additional available information (like passwords obfuscated by us).

Please note that we pass all information we have. Very often we are lacking detailled information about the breach or from which web service the information stems. In those cases, we hope you recognise that service by your choice of password. If not, there is not much more what can be done. Still, you can check your e-mail address on HaveIBeenPwned which might have more information about recent password leaks...