When the university implemented its decision to switch students’ email accounts from Webmail to Google Apps last January, ITS seems to have glossed over a minor detail. For almost a month, it was possible for anyone to access a Wesleyan Gmail account by simply navigating to the Google Apps page, typing in an email address, and leaving the password box blank. This problem was not brought to the attention of ITS until February 26th, when a student called the help desk to inform them of the problem.
It goes without saying that ITS ought to have informed the student body about this as soon as they got word of it. The fact that anyone who stumbled upon the Google Apps page and noticed that you didn’t need a password to hack into an email account is pretty scary.
Even with all the warnings we hear about online security issues, most of us still take our privacy for granted. Online banking statements, credit card numbers, social security codes, and pin numbers are probably floating undeleted through most of our inboxes or archive folders, and anyone could have accessed all of this information with a single click.
Next time, we hope that ITS will worry less about their reputation and more about the security of students’ private information. In the mean time, we would also advise students to discard any vital passwords, codes, and identification numbers that might remain in their inboxes, in case something like this happens again.