A database of almost 42 million usernames and passwords was recently posted to a public site on the Internet.   The information security site BleepingComputer.com reports that the database was uploaded to kayo.moe and is publicly available (https://www.bleepingcomputer.com/news/security/files-with-42-million-emails-and-passwords-found-on-free-hosting-service/).  There were many UW Oshkosh email addresses included in the database.  IT has notified the affected users, recommending they change their passwords.
For more information on how to change your passwords, please see the IT Knowledgebase at https://kb.uwosh.edu/search.php?q=Password&cat=0&aud=0