SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Education and Science Giant Elsevier Left Users' Passwords Exposed Online
Date    Monday March 25 2019, @08:33PM
Author    takyon
Topic   
from the open-access dept.
https://soylentnews.org/article.pl?sid=19/03/25/2026241

martyb writes:

Motherboard reports Education and Science Giant Elsevier Left Users' Passwords Exposed Online:

Due a to a misconfigured server, a researcher found a constant stream of Elsevier users' passwords.

Elsevier, the company behind scientific journals such as The Lancet, left a server open to the public internet, exposing user email addresses and passwords. The impacted users include people from universities and educational institutions from across the world.

It's not entirely clear how long the server was exposed or how many accounts were impacted, but it provided a rolling list of passwords as well as password reset links when a user requested to change their login credentials.

"Most users are .edu [educational institute] accounts, either students or teachers," Mossab Hussein, chief security officer at cybersecurity company SpiderSilk who found the issue, told Motherboard in an online chat. "They could be using the same password for their emails, iCloud, etc."

Hidden in plain sight.


Original Submission

Links

  1. "martyb" - https://soylentnews.org/~martyb/
  2. "Education and Science Giant Elsevier Left Users' Passwords Exposed Online" - https://motherboard.vice.com/en_us/article/vbw8b9/elsevier-user-passwords-exposed-online
  3. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=32484

© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, Education and Science Giant Elsevier Left Users' Passwords Exposed Online on 2024-03-29 14:25:22