Password Leak at Elsevier

Do you use resources such as Mendeley, ScienceDirect, Scopus, Evolve, Knovel, Embase, Reaxys, Engineering Village/Compendex, or ClinicalKey/Clinical Pharmacology?

If you created an account with Elsevier to access resources or journals, save searches, create lists of publications, or use Mendeley, your password has been exposed online. Change the password associated with that Elsevier account immediately. If you use the same password to access your Brown and/or Google accounts, change them as well at https://myaccount.brown.edu.

However, if you only access Elsevier resources through Brown single sign on, you are not affected. Brown University login credentials have not been compromised, and do not need to be changed.

An Elsevier server was exposing user emails, usernames, and passwords in plain text for an unknown length of time. Password reset links might also have been leaked. Elsevier has fixed the leak and is investigating the error. The company has further stated that it will provide notice to individuals affected by the breach, and that it is working to reset user accounts.

If you have any questions about accessing library electronic resources, please get in touch with eresources@brown.edu. Security questions can be directed to isg@brown.edu.

See also:
Education and Science Giant Elsevier Left Users’ Passwords Exposed Online, Motherboard Magazine
NOTICE: Elsevier Data Leak. Action Required, Brown University Library News

General Alert
Security Alert

Written by pfalcon@brown.edu on