MSU NetID passwords were left vulnerable late last week because of a software glitch, MSU technology officials said.
"It was not an attack, it was a configuration error. It was human error," said Richard Wiggins, senior information technologist for Academic Computing and Network Services.
Wiggins wouldn't comment further on the security issue but did say the hole was fixed Saturday evening.
About 6,000 accounts were affected by the glitch, and the account holders were notified via e-mail on Monday. The holders had until 4 p.m. Monday to change their passwords. Afterward, the passwords were disabled.
More than 4,000 MSU NetID users changed passwords before the deadline, while about 1,800 had passwords disabled.
To resume use of an MSU NetID, users can visit http://netid.msu.edu and click on the "Forgot my password" link to reset the information.
Wiggins said the effects of the temporary password availability are unclear, and the staff will continue to follow up on the matter.
"Any time there's password exposure, it's a serious matter," Wiggins said. "We're not aware at this point of any invasions of accounts."
Wiggins said while accounts were vulnerable, personal information could have been compromised, but as of 4 p.m. Monday, accounts no longer could be accessed with old passwords.
Computer engineering and German junior Kevin Scheel said he received an e-mail early Monday warning him of the security problem, and he immediately went to http://help.msu.edu to verify the letter.
Scheel said he does everything he can to make sure his system is secure by updating his virus checkers, but sometimes it's unavoidable.
"Security concerns - especially when you're dealing with a network the size of Michigan State - are always going to be a problem," he said. "These things are going to happen."
But the e-mail scared him more than previous virus alerts.
"I was a bit concerned not knowing the specifics of the security problems," he said. "The worms we can't control, but the password thing, that concerns me quite a bit."
But economics senior Adam Keith said although he didn't receive an e-mail, changing a password isn't a very complicated process.
"I think people kind of go a little overboard," he said. "I'd be concerned, but I wouldn't really flip out about it. I'd just change my password."
Wiggins said it always is a good idea for people to change passwords on a regular basis and to vary them across different accounts.
"If you're using the same password for MSU NetID for online banking somewhere, it's not a good practice," he said.
Staff writer Sonia Khaleel contributed to this report.
Meghan Gilbert can be reached at gilbe109@msu.edu.
