Motherboard reports Education and Science Giant Elsevier Left Users' Passwords Exposed Online:
Due a to a misconfigured server, a researcher found a constant stream of Elsevier users' passwords.
Elsevier, the company behind scientific journals such as The Lancet, left a server open to the public internet, exposing user email addresses and passwords. The impacted users include people from universities and educational institutions from across the world.
It's not entirely clear how long the server was exposed or how many accounts were impacted, but it provided a rolling list of passwords as well as password reset links when a user requested to change their login credentials.
"Most users are .edu [educational institute] accounts, either students or teachers," Mossab Hussein, chief security officer at cybersecurity company SpiderSilk who found the issue, told Motherboard in an online chat. "They could be using the same password for their emails, iCloud, etc."
Hidden in plain sight.
Related Stories
California universities and Elsevier make up, ink big open-access deal:
Two years after a high-profile falling out, the University of California (UC) system and the academic publishing giant Elsevier have patched up differences and agreed on what will be the largest deal for open-access publishing in scholarly journals in North America. The deal is also the world's first such contract that includes Elsevier's highly selective flagship journals Cell and The Lancet.
The deal meets demands made by UC when it suspended negotiations with Elsevier in 2019. It allows UC faculty and students to read articles in almost all of Elsevier's more than 2600 journals, and it enables UC authors to publish articles that they can make open access, or free for anyone to read, by paying a per-article fee. Elsevier says it will discount those open-access fees, and UC says it will subsidize their authors.
UC estimates the new deal will cost its libraries' budget 7% less than what they would have paid had it extended its old contract with Elsevier, which expired in December 2018. UC paid $11 million that year. But the university's total spending on the deal, including money from outside funding sources, could be higher than that, depending on how many articles it publishes open access, Elsevier says.
(Score: 4, Funny) by DannyB on Monday March 25 2019, @08:35PM (3 children)
Does it allow everyone to avoid Elsevier's thieving paywall?
It's a public service. It's a scientific experiment. Someone will write a paper about it.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 3, Funny) by AthanasiusKircher on Monday March 25 2019, @09:23PM
Perhaps. Though if someone writes a paper about it, it will probably end up archived behind a paywall at some other publishing giant's website.
(Score: 3, Insightful) by ElizabethGreene on Monday March 25 2019, @11:21PM
That was my first question. Where can I get the data dump, because I'd love to mirror every drop of content they have over to b-ok.org.
(Score: 2) by choose another one on Tuesday March 26 2019, @08:44PM
My thoughts exactly. But sheesh, I've spent god knows how many hours trying to find other copies of stuff that they've locked out of view by looking elsewhere on the net when all I had to do was look for the users&passwords on their servers. Dammit.
(Score: 0) by Anonymous Coward on Tuesday March 26 2019, @11:31AM
ElseView.