Stories
Slash Boxes
Comments

SoylentNews is people

posted by takyon on Monday March 25 2019, @08:33PM   Printer-friendly
from the open-access dept.

Motherboard reports Education and Science Giant Elsevier Left Users' Passwords Exposed Online:

Due a to a misconfigured server, a researcher found a constant stream of Elsevier users' passwords.

Elsevier, the company behind scientific journals such as The Lancet, left a server open to the public internet, exposing user email addresses and passwords. The impacted users include people from universities and educational institutions from across the world.

It's not entirely clear how long the server was exposed or how many accounts were impacted, but it provided a rolling list of passwords as well as password reset links when a user requested to change their login credentials.

"Most users are .edu [educational institute] accounts, either students or teachers," Mossab Hussein, chief security officer at cybersecurity company SpiderSilk who found the issue, told Motherboard in an online chat. "They could be using the same password for their emails, iCloud, etc."

Hidden in plain sight.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Funny) by DannyB on Monday March 25 2019, @08:35PM (3 children)

    by DannyB (5839) Subscriber Badge on Monday March 25 2019, @08:35PM (#819723) Journal

    Does it allow everyone to avoid Elsevier's thieving paywall?

    It's a public service. It's a scientific experiment. Someone will write a paper about it.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
    Starting Score:    1  point
    Moderation   +2  
       Funny=2, Total=2
    Extra 'Funny' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 3, Funny) by AthanasiusKircher on Monday March 25 2019, @09:23PM

    by AthanasiusKircher (5291) on Monday March 25 2019, @09:23PM (#819743) Journal

    Perhaps. Though if someone writes a paper about it, it will probably end up archived behind a paywall at some other publishing giant's website.

  • (Score: 3, Insightful) by ElizabethGreene on Monday March 25 2019, @11:21PM

    by ElizabethGreene (6748) Subscriber Badge on Monday March 25 2019, @11:21PM (#819796) Journal

    That was my first question. Where can I get the data dump, because I'd love to mirror every drop of content they have over to b-ok.org.

  • (Score: 2) by choose another one on Tuesday March 26 2019, @08:44PM

    by choose another one (515) Subscriber Badge on Tuesday March 26 2019, @08:44PM (#820295)

    My thoughts exactly. But sheesh, I've spent god knows how many hours trying to find other copies of stuff that they've locked out of view by looking elsewhere on the net when all I had to do was look for the users&passwords on their servers. Dammit.