ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

MDPI Data Breach

mdpi.com
Limited exposure
Verified breach
Accounts exposed 845,012
Breach date 30 Aug 2016
Added to tracker 25 Mar 2018
Data classes 4

What happened

In August 2016, the Swiss scholarly open access publisher known as MDPI had 17.5GB of data obtained from an unprotected Mongo DB instance. The data contained email exchanges between MDPI and their authors and reviewers which included 845k unique email addresses. MDPI have confirmed that the system has since been protected and that no data of a sensitive nature was impacted. As such, they concluded that notification to their subscribers was not necessary due to the fact that all their authors and reviewers are available online on their website.

Exposed data

Email addresses Email messages IP addresses Names

Recommended actions

  • Watch for targeted phishing emails referencing MDPI โ€” attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP