Poorly Configured Elsevier Server, Left Access to Data Open
Who: Elsevier
# of Accounts Breached: Undetermined
What was affected: User email addresses and passwords
When it happened: 18 Mar 2019
How it happened: Due to a misconfigured server, a researcher found a constant stream of Elsevier users’ passwords.
Outcome: An Elsevier spokesperson said that “The issue has been remedied. We are still investigating how this happened, but it appears that a server was misconfigured due to human error. We have no indication that any data on the server has been misused. As a precautionary measure, we will also be informing our data protection authority, providing notice to individuals and taking appropriate steps to reset accounts.”