An Interest In:
Web News this Week
- March 29, 2024
- March 28, 2024
- March 27, 2024
- March 26, 2024
- March 25, 2024
- March 24, 2024
- March 23, 2024
Some of Our Sources
- TutsPlus - Design
- Vandelay Design
- You The Designer
- Inspiredology
- Line 25
- Wal You
- Willems Lab
- Daily Now
- The Verge
- TechPowerUp
Help Webnuz
Referal links:
March 18, 2019 11:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/3pCMJ3N5b_0/education-and-science-giant-elsevier-left-users-passwords-exposed-online
Education and Science Giant Elsevier Left Users' Passwords Exposed Online
The world's largest scientific publisher, Elsevier, left a server open to the public internet, exposing user email addresses and passwords. "The impacted users include people from universities and educational institutions from across the world," reports Motherboard. "It's not entirely clear how long the server was exposed or how many accounts were impacted, but it provided a rolling list of passwords as well as password reset links when a user requested to change their login credentials." From the report: "Most users are .edu [educational institute] accounts, either students or teachers," Mossab Hussein, chief security officer at cybersecurity company SpiderSilk who found the issue, told Motherboard in an online chat. "They could be using the same password for their emails, iCloud, etc." Motherboard verified the data exposure by asking Hussein to reset his own password to a specific phrase provided by Motherboard before hand. A few minutes later, the plain text password appeared on the exposed server. Elsevier secured the server after Motherboard approached the company for comment. Hussein also provided Elsevier with details of the security issue. An Elsevier spokesperson told Motherboard in an emailed statement that "The issue has been remedied. We are still investigating how this happened, but it appears that a server was misconfigured due to human error. We have no indication that any data on the server has been misused. As a precautionary measure, we will also be informing our data protection authority, providing notice to individuals and taking appropriate steps to reset accounts."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/3pCMJ3N5b_0/education-and-science-giant-elsevier-left-users-passwords-exposed-online
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot