Vendors occasionally notify university libraries when they observe suspicious downloads. This most often means that a university account has been hacked and shared with cyber-criminals who systematically download large amounts of licensed content from library databases. The vendors ask the library to investigate and invariably the hacked account appears in the logs hundreds of thousands of times from different IP addresses simultaneously. Rowan University Libraries decided not to wait for vendors to contact us. We have automated the identification and reporting of hacked accounts through the use of a locally developed PERL script that runs on a daily basis.