Carnegie Mellon University Website Home Page

SECURITY ALERT: Maplesoft Security Breach Leads to Phishing Attacks

(US Eastern Time)
DAY: Thursday
DATE: July 19, 2012


Users of Maplesoft software


Maplesoft, a provider of mathematics, modeling and simulation software that is licensed by Carnegie Mellon, reported that it was investigating a security breach of its administrative database.

As an apparent result of this breach, users of Maplesoft software are being targeted by phishing attacks. One such phishing attack claims that vulnerability has been detected in Maplesoft software and includes an attachment called This email instructs the recipient to extract the file using the password MapleSecurityUpdate1707. A variation of this message that has been detected includes a link instead of providing an attachment.


If you receive an email claiming to be from Maple or Maplesoft, DO NOT open any attachments or click on hyperlinks included in the message. The email is most likely malicious and should be deleted.

Faculty and staff members that have opened an attachment or clicked on a link in one of these emails should contact the Information Security Office at

Students who opened the attachment or clicked the link should take the following steps:

  • Update and run Symantec Antivirus on your computer.
  • Change your Andrew account password and consider changing personal account passwords.
  • Contact the Computing Services Help Center if you require assistance.


Maplesoft has created a website where they are providing updates related to this security breach and the resulting phishing attacks:

Sample text of the phishing messages:

maple phishing


Please direct any questions or comments to the Computing Services Help Center (412-268-HELP or or to your departmental administrator or DSP consultant.