Heidelberg University
University Computing Centre Heidelberg logo

December 17, 2025 - IT security Precautionary measures

A large-scale cyberattack in mid-November, which aimed to bring the university's IT services to a complete standstill, was successfully repelled in time. After the advanced preparations for this attack were discovered, precautionary measures were immediately activated across the university to prevent further damage. Thanks to these measures, it was possible to continue to ensure the university's basic operations and ability to function. 

Contents

Changing passwords for Uni-ID / project numbers and MFA / tokens

+++ December 18, 2025 +++ If you have any questions about account blocking and password changes, please join the video call or visit the IT Service on site. Please think of a new password in advance to save time. Additional service: The IT service points at URZ and Carolinum will be closed from December 24, 2025, to January 6, 2026. However, the IT service team will still be available during this time on weekdays (Mon–Fri) from 9:00 a.m. to 1:00 p.m. via video call and the ticket system. +++
IT-Service

Actions

Email and numerous IT services are currently only accessible within the university network or via VPN. 

+++ December 17, 2025 +++
Maintenance of protective measures: Some central services, such as email, will remain behind VPN until at least the beginning of next year.
IT services that are the responsibility of faculties, institutions, and institutes will be gradually released for direct access from the internet. The necessary technical and organizational security measures and responsibilities will be coordinated directly with the relevant institutions. Complex issues will take a little more time. Any further functional restrictions on the availability of IT services that have not yet been reported to the URZ can be communicated to us via the responsible IT officers.

+++ December 16, 2025 +++
Additional service: The IT service points at the URZ and Carolinum will be closed from December 24, 2025, through January 6, 2026. However, the IT service team will still be available on weekdays (Mon-Fri) from 9:00 a.m. to 1:00 p.m. during this period via the ticket system and video call. 

+++ December 10, 2025 +++
The VPN restriction has been lifted for some IT services and decentralized websites that meet the required security standards. The remaining requests have been prioritized and will be processed step by step. Those responsible for the respective IT services will be contacted directly based on the existing prioritization and will receive a questionnaire, on the basis of which the review and implementation of the necessary security measures will be initiated. The initial focus is on the approval of websites (port 443).

+++ December 05, 2025 - 11:30 p.m. +++
Additional service: IT service also available on Sunday, December 06, from 9:00 a.m.via video call at the IT Service Information Center 1-6 (see room links below).

 +++ December 2, 2025 +++

  • heiCO: Applicants can register on the heiCO platform without restriction. Enrolled students and employees (login via Uni-ID) must continue to log in via the university network or a VPN connection.
  • Mobility Online can be used without restrictions.

Immediate action: Change password 

+++ December 16, 2025 +++
Additional service: The IT service points at the URZ and Carolinum will be closed from December 24, 2025, through January 6, 2026. However, the IT service team will still be available on weekdays (Mon-Fri) from 9:00 a.m. to 1:00 p.m. during this period via the ticket system and video call. 

+++ November 29, 2025 - 1:00 p.m. +++
Additional service: IT service also available on Sunday, November 30, from 9:00 a.m. to 12:00 p.m. via video call at the IT Service Information Center 1-10 (see room links below).

+++ November 28, 2025 - 12:30 p.m. +++
Additional service: IT service also available on Saturday, November 29, from 8:00 a.m. via video call at the IT Service Info Center 1-10 (see room links below).

+++ November 27, 2025 - 12:30 p.m. +++
Expanded additional service offering. The IT service team is now providing 10 additional video call rooms for password change support - please use this support option if possible. (See below or the IT service page for room links.)

+++ November 26, 2025 - 10:00 a.m. +++
Password change mandatory by Friday, November 28, 2025, 10:00 a.m. After this deadline, all accounts that have not changed their password by then will be blocked for security reasons.. If you need support, please contact IT Services immediately.

+++ November 21, 2025 - 6:00 p.m. +++
Additional service: IT service also available on Saturday, November 22, from 9:00 a.m. to 12:00 p.m. via video call at the IT Service Info Center 1-5 (see room links below).

+++ November 20, 2025 - 10:50 a.m. +++ 
Expansion of support - Additional video call rooms: If you encounter any issues with changing your password, please visit the video call rooms (see room links below).

+++ November 19, 2025 - 9:24 a.m. +++ 
All members of Heidelberg University are requested to immediately renew the passwords for their university IDs, project, function, and AD accounts. As a user, you can use the linked form within the university network or via VPN to update your password yourself.

Heidelberg University has identified preparations for a widespread attack on its IT infrastructure. Defensive measures require immediate action. The IT service department is available to answer any technical questions you may have. 

Additional video call rooms

Table

IT Service Info Center 1
https://heiconf.uni-heidelberg.de/f4cx-j3nm-dqxn-zunv
IT Service Info Center 2
https://heiconf.uni-heidelberg.de/u3j2-jc3n-e6p2-hu6x
IT Service Info Center 3
https://heiconf.uni-heidelberg.de/m27f-ytck-wk3t-jpeq
IT Service Info Center 4
https://heiconf.uni-heidelberg.de/rgea-x7dy-2934-acnf
IT Service Info Center 5
https://heiconf.uni-heidelberg.de/qnq7-azzy-cp9m-p3ee

FAQ

Table filters

Table

I am abroad and do not have access to the university network. What can I do?
Please use the video call service provided by our IT service directly. Our colleagues will help you set up MFA and VPN so that you can access the university network from abroad.
I use the same or similar passwords that I use at university for my private accounts as well. Is there anything I need to be aware of?
Yes, in this case, you should take the precaution of changing the passwords for all accounts that use the same or similar passwords. As a general rule, you should only use one password for each individual account or access point, and this password should be significantly different from all other passwords.
I have changed my password, but I still cannot log in. What can I do?
Please use the video call service provided by our IT department directly. ID verification is required to reset your password.

I changed my password on a mobile device (cell phone or tablet), but I cannot log in with the new password on my PC. What should I do?

 

If you changed your password on a mobile device while on the go, it may be that the password has not yet been synchronized with your local PC running the Windows operating system. Please log in to the university network (Wi-Fi via eduroam or VPN connection) with your PC so that the password can be synchronized. Please note: To log in to your PC (e.g., when booting up, etc.), please use your old password for the first login. However, you must log in with your new password when using VPN. Once your PC has been connected to the university network, you can log in with your new password.
Does my password need to be changed on all devices?
Please remember to change your password on all devices (PC, tablet, cell phone) and keep your password safe, e.g., by using a password manager. Repeated entries will result in your account being temporarily locked (approx. 15 minutes). 
If you are unable to access your account, please come to one of the IT Service video call rooms and have a valid ID document ready.
How can I manage my passwords?
With a password manager such as KeePassXC, you can keep track of your passwords, create secure passwords, and save them. Instructions for use can be found via the link on the right.
I updated my password and eduroam no longer works.
Please remove the eduroam profile and set up eduroam again as described in the linked service catalog.
I updated my password and printing on the Ricoh printer no longer works.
Please also change your print server password as described in the linked instructions.
The backup of my work computer using Duplicati software is no longer functioning. What can I do?
After changing the password, the connection password in Duplicati must also be updated under point 2 “Destination -> Password” in an existing backup profile so that the backups on URZ servers work.
I can no longer use the Android/iOS Outlook app.
Access to email services is currently only available via the university network or a VPN connection. Please note that this means that Outlook mobile applications will no longer work. Instead, please use the web view of Outlook, which can also be used on mobile devices.
Since changing my password, I have been having problems with my E-Mail inbox in Outlook. I am repeatedly asked to enter my password.
After changing your password, problems may arise in Outlook if several mailboxes request an update of user data at the same time. Remove your inbox and reintegrate it. Here you will find our instructions for integrating mailboxes.

Deutsch

Contact