In August 2016, the Swiss scholarly open access publisher known as MDPI had 17.5GB of data obtained from an unprotected Mongo DB instance. The data contained email exchanges between MDPI and their authors and reviewers which included 845k unique email addresses. MDPI have confirmed that the system has since been protected and that no data of a sensitive nature was impacted. As such, they concluded that notification to their subscribers was not necessary due to the fact that all their authors and reviewers are available online on their website.
Accounts breached: 845012
Breached on: August 30, 2016
Exposed data: Email addresses, Email messages, IP addresses, and Names
Domain: mdpi.com
Added on: March 25, 2018