Users’ email addresses and their corresponding passwords used to log on to Elsevier were temporarily exposed online, reported the science website Motherboardon Monday. Reset links used to change passwords were also exposed. An employee changed his password for verification purposes and subsequently saw it appear online.
Elsevier reported Monday that the issue was resolved. When asked, a spokesperson responded that it was unclear as to how many accounts had been affected. It is also not known how long the information was exposed online.
“We’re still looking into how this could have happened, but it looks like a server was incorrectly configured as a result of human error”, said Elsevier in a statement.
According to the publisher, there are no signs that the leaked data has been misused. Elsevier will reset the accounts and inform users and the authorities.
Elsevier is one of the largest publishers of academic literature and manages various journals, books and databases, both in the form of print publications and digital publications.