The Cybersecurity Team at Masaryk University warns of an attack targeting a web platform operated by the European Commission, which resulted in a data breach. Specifically, for users involved in European activities or projects, we recommend changing your password and remaining highly vigilant against potential follow-up phishing messages.
On March 24, attackers targeted European Commission websites on the Europa.eu platform and stole unspecified data, which carries a risk of further misuse. In response, we strongly recommend that you change your password. This warning applies to users who have an account on the europa.eu website, which is typical for those involved in European projects and grants.
We are issuing this warning because many official EU portals hosted on europa.eu are used at Masaryk University. While the exact scope of the attack is still under investigation, the European Commission has confirmed that its internal systems were not affected.
The leaked data may be misused by attackers in follow-up scams. The impact of the incident therefore lies not only in the data breach itself, but also in possible phishing attempts, fraudulent messages, or fake login prompts that may appear to come from EU institutions. Please be cautious when dealing with suspicious communication, especially phishing messages impersonating EU institutions.
We also recommend:
Change your password (instructions below); if you use the same/similar password for other services, change it there as well.
Enable multi-factor authentication for your portal account.
Report any suspicious message or prompt that tries to get you to log in, click a link, or share information while pretending to be official communication from EU institutions.
Go to europa.eu and sign in using your current credentials. Then follow the instructions shown in the images, or use the official guide if needed.
If you are interested in the context, the terminology, or would like to better understand the reasons behind this warning.
So far, the European Commission has officially confirmed only that data was stolen from the compromised websites, but it has not disclosed a precise list. According to unofficial reports and published samples, the stolen data may have included emails and their attachments, the full user directory of the authentication service (SSO), DKIM signing keys, AWS configuration snapshots, data from the NextCloud and Athena environments, or internal administrative links. However, this information has not yet been officially confirmed, and the full scope of the incident is still under investigation.
The group ShinyHunters has publicly claimed responsibility for the attack, but the European Commission has not yet officially confirmed its involvement. Security firms associate this name with campaigns focused on stealing data from cloud services and subsequent extortion activities. Their typical methods involve social engineering, especially voice phishing, through which attackers obtain login credentials and MFA codes and then infiltrate environments such as Salesforce, Okta, or Microsoft 365.
The attack on the Europa.eu platform is a reminder that the risk lies not only in the data breach itself, but also in the possible misuse of the stolen data afterward. Users should therefore remain cautious of suspicious communication, protect their accounts with a strong password and multi-factor authentication, and report anything suspicious to MU’s Cybersecurity Team if in doubt.
You can always find everything important about cybersecurity at Masaryk University on https://security.muni.cz/en.
Masaryk University’s cybersecurity team warns against installing and using proxyware applications. At first glance, they may seem appealing, but in reality they pose a security risk, as they are actively abused for cyberattacks.
Masaryk University's cybersecurity team warns of a possible wave of DDoS (Distributed Denial of Service) attacks targeting the availability of websites and online services. This warning is primarily intended for system and service administrators.
