DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

JSTOR notifying 800 users that account information was accessed by unauthorized individual(s)

Posted on April 1, 2014 by Dissent

JSTOR, a not-for-profit  founded to help academic libraries and publishers (and part of ITHAKA), is notifying 800 users of a breach discovered on March 17:

RE: Important Security Notice from JSTOR

We are writing to let you know that your MyJSTOR account was recently accessed without authorization by a third party.

What this means to you

This means the any personal information you have added as part of your MyJSTOR profile may have been accessed, including your username, password, email address, primary area of study, position/academic status, and institutional affiliation. We do not store credit card data or financial information of any kind, so this was not accessed.

What you should do

We strongly recommend that you change the password of your MyJSTOR account, and other accounts where you may use this password.

To change your password, log in to your account at JSTOR.org and select the “MyJSTOR” menu at the top of the page, then scroll down and select “My Profile.” Enter your old password where prompted and select a new, secure password. The password must be a minimum of six characters. We recommend you do the same on other sites where you use this password. For additional help with password security, you might consider password managing applications such as 1Password and LastPass.

We are sorry this happened and recognize that these kinds of events can be troubling. JSTOR has over 3 million MyJSTOR accounts in total, and yours was one of only approximately 800 accounts affected by this incident. We take these situations seriously. We have taken the steps necessary to stop this activity and are reviewing our security measures to prevent future incidents.

Please let us know if you have any questions, comments, or concerns. You can reach us at [email protected].

Thank you,

JSTOR User Services

SOURCE: California Attorney General’s web site.

DataBreaches.net  e-mailed JSTOR and ITHAKA this morning to ask when the breach occurred, how it occurred, how JSTOR learned of the breach, whether passwords were stored in plain text, what JSTOR is doing to prevent a recurrence, and whether there have been any reports of misuse of user data, but has not received any reply from either by the time of this publication.

 

No related posts.

Category: Breach IncidentsHackMiscellaneous

Post navigation

← United Opt Out attacked; site destroyed
Password bug let me see shoppers’ credit cards in eBay ProStores, claims infosec bod →

1 thought on “JSTOR notifying 800 users that account information was accessed by unauthorized individual(s)”

  1. Mike T says:
    April 1, 2014 at 6:21 pm

    http://en.wikipedia.org/wiki/United_States_v._Aaron_Swartz

    Yes, we know already they take these situations seriously. When was the FBI called in to help investigate this breach? If it turns out that JSTOR was negligent in securing the PII they were entrusted with, will they be prosecuted?

    Happy April Fools day!

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.