Publisher Elsevier has leaked the unencrypted passwords and e-mail addresses of users via an unsecured server. The data was accessible to everyone on the internet. How long the data was online and how many users were affected is still unclear.
Security investigator Mossab Hussein discovered Elsevier’s server. It contained unencrypted passwords of users and their e-mail addresses. Among other things, it would be about students and teachers from universities and educational institutions, according to Hussein on the basis of the .edu e-mail addresses found.
The researcher shared his discovery with Vice Magazine, which informed Elsevier. The publisher has launched an investigation into the data breach. “It looks like a server was incorrectly set up because of a human error,” said a spokesperson.
The server is now secured. The publisher says it will inform the Dutch Data Protection Authority, as well as all affected users. It will also reset the passwords of all affected accounts.
Read more about this topic at: https://motherboard.vice.com/en_us/article/vbw8b9/elsevier-user-passwords-exposed-online