Notice: Elsevier Usernames & Passwords Accidentally Exposed
March 21, 2019
Researchers at the cybersecurity company SpiderSilk recently discovered that a misconfigured server of Elsevier (the provider of platforms like Science Direct and Mendeley, and a major scholarly journal publisher), was exposing user emails and passwords in plain text for an unknown length of time.
During the leak, password reset links may also have been leaked. After being notified of the problem, Elsevier has remedied the leak and is investigating the error. Elsevier has stated that they will be providing notice to individuals and taking steps to reset user accounts.
As a precautionary measure, we recommend all members of the Drexel community with an Elsevier username/password change it immediately. As a sound practice, individuals should not reuse passwords between online services.
For more information about online privacy and securing your online identity, visit the Drexel Libraries’ privacy guide.