DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

JSTOR notifying 800 users that account information was accessed by unauthorized individual(s)

Posted on April 1, 2014 by Dissent

JSTOR, a not-for-profit  founded to help academic libraries and publishers (and part of ITHAKA), is notifying 800 users of a breach discovered on March 17:

RE: Important Security Notice from JSTOR

We are writing to let you know that your MyJSTOR account was recently accessed without authorization by a third party.

What this means to you

This means the any personal information you have added as part of your MyJSTOR profile may have been accessed, including your username, password, email address, primary area of study, position/academic status, and institutional affiliation. We do not store credit card data or financial information of any kind, so this was not accessed.

What you should do

We strongly recommend that you change the password of your MyJSTOR account, and other accounts where you may use this password.

To change your password, log in to your account at JSTOR.org and select the “MyJSTOR” menu at the top of the page, then scroll down and select “My Profile.” Enter your old password where prompted and select a new, secure password. The password must be a minimum of six characters. We recommend you do the same on other sites where you use this password. For additional help with password security, you might consider password managing applications such as 1Password and LastPass.

We are sorry this happened and recognize that these kinds of events can be troubling. JSTOR has over 3 million MyJSTOR accounts in total, and yours was one of only approximately 800 accounts affected by this incident. We take these situations seriously. We have taken the steps necessary to stop this activity and are reviewing our security measures to prevent future incidents.

Please let us know if you have any questions, comments, or concerns. You can reach us at [email protected].

Thank you,

JSTOR User Services

SOURCE: California Attorney General’s web site.

DataBreaches.net  e-mailed JSTOR and ITHAKA this morning to ask when the breach occurred, how it occurred, how JSTOR learned of the breach, whether passwords were stored in plain text, what JSTOR is doing to prevent a recurrence, and whether there have been any reports of misuse of user data, but has not received any reply from either by the time of this publication.

 

No related posts.

Category: Breach IncidentsHackMiscellaneous

Post navigation

← United Opt Out attacked; site destroyed
Password bug let me see shoppers’ credit cards in eBay ProStores, claims infosec bod →

1 thought on “JSTOR notifying 800 users that account information was accessed by unauthorized individual(s)”

  1. Mike T says:
    April 1, 2014 at 6:21 pm

    http://en.wikipedia.org/wiki/United_States_v._Aaron_Swartz

    Yes, we know already they take these situations seriously. When was the FBI called in to help investigate this breach? If it turns out that JSTOR was negligent in securing the PII they were entrusted with, will they be prosecuted?

    Happy April Fools day!

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • DOJ investigates ex-ransomware negotiator over extortion kickbacks
  • Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
  • One in Five Law Firms Hit by Cyberattacks Over Past 12 Months
  • U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware
  • Senator Chides FBI for Weak Advice on Mobile Security
  • Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks
  • Kelly Benefits updates its 2024 data breach report: impacts 550,000 customers
  • Qantas customers involved in mammoth data breach
  • CMS Sending Letters to 103,000 Medicare beneficiaries whose info was involved in a Medicare.gov breach.
  • Esse Health provides update about April cyberattack and notifies 263,601 people (1)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Oregon Amends Its Comprehensive Privacy Statute
  • Wisconsin Supreme Court’s Liberal Majority Strikes Down 176-Year-Old Abortion Ban
  • 20 States Sue HHS to Stop Medicaid Data Sharing with ICE
  • Kids are making deepfakes of each other, and laws aren’t keeping up
  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.