Johns Hopkins University has learned of a data leak at Elsevier, the provider of platforms such as Science Direct and Mendeley, and a major publisher of scholarly journals. An Elsevier server was exposing user emails, usernames, and passwords in plain text for an unknown length of time. Password reset links might also have been leaked.

Elsevier has fixed the leak and is investigating the error. The company has further stated that it will provide notice to individuals affected by the breach, and that it is working to reset user accounts.

Please note that Johns Hopkins University login credentials have not been compromised, and do not need to be changed. If you only use your Hopkins username and password to gain access to these resources, and have not set up an account with an Elsevier resource to save searches, create lists of publications, or use Mendeley, you are not affected by this issue.

If you have created such an account with an Elsevier resource, the university recommends that you change the password associated with that Elsevier account immediately. If you use the same password to access your Hopkins and/or Google accounts, you should change them as well.

Remember that, as a sound practice, you should not reuse passwords between online services. When choosing a password, please create a strong password that you do not use on any other service. IT@JH offers specific guidance on creating and using strong passwords.

If you have any questions about accessing library electronic resources, please get in touch with