Arizona Man Arrested for Hacking More Than 1,000 Pace Email Accounts


Mortola Library By The original uploader was Ld at English Wikipedia via Wikimedia Commons

Michelle Ricciardi, Editor in Chief

An Arizona man was arrested last Wednesday after hacking into more than 1,000 student email accounts here at Pace, just in time for cybersecurity awareness month.

Jonathan Powell broke into 1,035 student emails and social media accounts between October 2015 and September 2016 in search of lewd and “embarrassing” content, using keywords such as “naked” and “horny,” according to the U.S. Attorney for the Southern District of New York and Executive Director of Media Relations, Scott Trent.

According to a statement provided by the university:

“In response to a potential information security breach, Pace launched an internal investigation and immediately brought in the cybersecurity forensics team it has on-call under an existing agreement. When it was determined the incident had originated outside the University and the perpetrator had also possibly compromised external, non-Pace social media accounts, the University contacted the Federal Bureau of Investigation and US Attorney’s Office. As a result of the efforts of the FBI and the US Attorney’s Office, the individual responsible has been identified and arrested.”

The complaint states that Pace reported the hack to the FBI in August after students complained of unwarranted changes to their email accounts.

The FBI then launched an investigation that tracked the hacker’s IP address to Powell’s computer at his place of work and also discovered that Powell had attempted to hack student emails at more than 75 schools.

Powell attempted to break into 2,054 Pace email accounts in total.

He accessed students’ information by using a password-reset tool in order to access the emails and change the passwords.

His web browser revealed that he searched for students’ biographical information in order to break into their emails, such as high school mascots and names of relatives. Powell then changed the passwords for students’ Facebook, Gmail, Apple iCloud, and LinkedIn pages.

If found guilty, Powell could face a maximum of five years in prison for fraud.

Trent gave no further comment about the future of cybersecurity at Pace.

Pace Information Security Analyst for Information Technology Services (ITS), Lawrence Robcke, was also contacted but did not comment.