Elsevier platform credentials exposed

Posted date 25/03/2019

Mossab Hussein, CSO of cybersecurity company SpiderSilk, has found a bug in Elsevier, a multimedia scientific publishing house. A bad configuration in one of its servers, exposed email addresses and their respective passwords on the Internet.

Affected users include members of universities and educational institutions around the world, most of them with accounts located in .edu domains. The data was displayed through Kibana, a visualization and classification tool.

An Elsevier spokesman told to Motherboard news portal that the problem had been solved, although they continue to investigate how it happened, and say they have informed the data protection authority, in addition to notifying users to re-establish their accounts.