Skip to main content
more options

What to do if you suspect your NetID has been stolen

1.    Change your NetID password and your security questions immediately

To change your password, go to netid.cornell.edu and click Change your Password. Make sure:

  • The new password is not similar to the old one.
  • Your new NetID password is not the same as or similar to any passwords you use for other purposes, such as online banking or shopping.

If you have set security questions, you should change them as well. If you have not previously set your security questions, do so now – also at netid.cornell.edu. This will allow you to set a new password, should you forget your current password, without visiting the CIT HelpDesk.

If you cannot change your password

Sometimes whoever is using your stolen NetID will change the password. In addition, if the IT Security Office determines that your NetID password has been compromised, that office may need to scramble your password, before contacting you, to stop further abuse.

  • If you have set security questions for your NetID, answering them correctly will allow you to set a new password. Go to netid.cit.cornell.edu and click Reset your Password using your Security Questions. Of course, if someone has changed your password, they may have also changed your security questions.
  • You can set a new password at the CIT HelpDesk in the Computing and Communications Center (CCC). You will need to appear in person and present your Cornell ID card or a government-issued photo ID card. See the current HelpDesk hours.
  • If you are not currently in Ithaca, contact the CIT HelpDesk (phone 607 255-8990, email helpdesk@cornell.edu). You will need to fax or mail in a copy of a government-issued ID card. Instructions for setting a new password will be sent to you by U.S. mail.

2. Check your Cornell personal information

If your NetID was used to send out spam, there are three places to check whether your email settings have been altered.

WebMail is the most common place for someone using your email account to make changes.

  1. Log into WebMail.
  2. Choose Options from the menu items along the top of the screen.
  3. Go to Personal Information.
  4. The Full Name, Reply To and Signature fields are all commonly changed by the person using a stolen WebMail account.

Although the email system in uPortal.Cornell is less commonly used by spammers, you should check your settings there as well.

  1. Log into uPortal.Cornell.
  2. Select the Bear Access tab.
  3. Open the Option menu by clicking the arrow in the upper, left corner of the E-mail channel.
  4. Select Edit.
  5. The Sender name and Email signature fields are what might have been changed.

You should also review your mail routing preferences in Who I Am. Sometimes the spammer will change where email addressed to you is being sent.

  1. Log into Who I Am.
  2. Go to the Electronic Mail tab.
  3. Check for new or different entries in the box where you can list other addresses besides your default postoffice account.

You should also see whether any of your personal information has been changed in such places as:

3. Report the incident immediately

Any possible or confirmed theft of a NetID password needs to be reported immediately to the IT Security Office via security@cornell.edu. Don't wait to see if anything "bad" happens before you report it.

We may contact you for additional information since, to help us prevent this in the future, we always try to determine how a password was stolen. We can also look at computer records to see what services your NetID was used to access, and how long it was abused.

Cornell faculty and staff should also notify their department's technical support staff.