We are aware of the exposure of user credentials from two of our vendors.
We were notified by Kanopy of a security breach that affected a small number of user accounts. We do not think any UW user accounts were affected, but individuals who also access Kanopy films and videos through their local public library may be affected. Kanopy is notifying the affected users directly.
Researchers at the cybersecurity company SpiderSilk recently discovered that a misconfigured server of Elsevier was exposing user emails and passwords in plain text for an unknown length of time. According to the reports on this leak, after being notified of the leak Elsevier remedied the situation and is investigating.
Elsevier services include the ScienceDirect platform for journals and ebook, Scopus database, and Mendeley. We recommend anyone at the University of Washington with an Elsevier account change their password immediately.