Accidental exposure of user names and passwords in Elsevier services
The cybersecurity company SpiderSilk determined that a misconfigured Elsevier server exposed user email addresses and passwords in plain text for an unknown length of time (source article). (Elsevier is the provider of platforms like Science Direct and Mendeley and a major scholarly journal publisher.)
Elsevier resolved this problem after being notified by the security vendor and is investigating the incident. As noted in the article, an Elsevier representative stated that the vendor will be providing notice to individuals and taking steps to reset user accounts.
We do not know if any members of the UO community were affected. As a precautionary measure, the UO Libraries recommend that all members of the UO community with an Elsevier or Mendeley account change their password immediately. Additionally, if any of your Elsevier accounts uses the same password that you use to login to your DuckID accounts (@uoregon.edu), please change your DuckID password immediately.