Cyber Incident Victim: JSTOR
Date:
Mar 2014
Location:
United States of America
Summary
Unauthorized access to approximately 800 MyJSTOR accounts exposed usernames, passwords, email addresses, academic statuses, areas of study, and institutional affiliations, though no financial data was compromised. The digital library notified affected users, advised password changes, and initiated a review of security protocols to prevent future incidents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 17, 2014, JSTOR discovered unauthorized third-party access to approximately 800 MyJSTOR user accounts. The breach exposed personal information associated with these accounts, including usernames, passwords, email addresses, primary areas of academic study, institutional affiliations, and users' professional positions or academic statuses. The compromised accounts did not contain financial data such as credit card information, as JSTOR confirmed it did not store such details. Attackers gained access to the accounts through unspecified means, though the breach was confined to the MyJSTOR platform rather than JSTOR's broader academic database collections. JSTOR initiated an investigation upon detection and identified the full scope of impacted accounts within two weeks. The organization determined that the unauthorized access occurred prior to March 17 but did not specify the exact timeframe of the intrusion or the methods used by the attackers.
JSTOR formally notified affected users about the security incident on March 31, 2014, advising them to change their account passwords immediately. The digital library emphasized that no financial information had been compromised due to its absence from their systems. As part of containment measures, JSTOR implemented a password reset process for all impacted accounts while reviewing and enhancing its security protocols to prevent similar breaches. The organization did not disclose whether law enforcement was involved in investigating the incident or whether the attackers extracted data beyond accessing the accounts. The breach primarily exposed academic and professional details rather than sensitive financial identifiers, though compromised credentials could have enabled further unauthorized access if reused across other services. JSTOR's public notification through California's Attorney General office marked the conclusion of their immediate response phase, with ongoing security improvements constituting their primary preventative measure against future incidents.