Poorly Configured Elsevier Server, Left Access to Data Open

2019, Breaches, March

Who: Elsevier

# of Accounts Breached: Undetermined

What was affected: User email addresses and passwords

When it happened: 18 Mar 2019

How it happened: Due to a misconfigured server, a researcher found a constant stream of Elsevier users’ passwords.

Outcome: An Elsevier spokesperson said that “The issue has been remedied. We are still investigating how this happened, but it appears that a server was misconfigured due to human error. We have no indication that any data on the server has been misused. As a precautionary measure, we will also be informing our data protection authority, providing notice to individuals and taking appropriate steps to reset accounts.”