Education and Science Giant Elsevier Left Users’ Passwords Exposed Online

The world’s largest scientific publisher, Elsevier, left a server open to the public internet, exposing user email addresses and passwords. “The impacted users include people from universities and educational institutions from across the world,” reports Motherboard. “It’s not entirely clear how long the server was exposed or how many accounts were impacted, but it provided a rolling list of passwords as well as password reset links when a user requested to change their login credentials.” From the report: “Most users are .edu [educational institute] accounts, either students or teachers,” Mossab Hussein, chief security officer at cybersecurity company SpiderSilk who found the issue, told Motherboard in an online chat. “They could be using the same password for their emails, iCloud, etc.” Motherboard verified the data exposure by asking Hussein to reset his own password to a specific phrase provided by Motherboard before hand. A few minutes later, the plain text password


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/3pCMJ3N5b_0/education-and-science-giant-elsevier-left-users-passwords-exposed-online

Original article

Comments are closed.

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

%d bloggers like this: