Elsevier journals' system security breach

Several newspapers today have published shocking news about Elsevier’s Editorial Management System (EES) having been hacked into recently. The popular blog Retraction Watch has reported the case of the hacking during which peer reviews were faked. The security breach and resulting compromise on the peer review process has caused the retraction of 11 papers submitted to Elsevier, from China, India, Iran, and Turkey.

According to Tom Reller, VP of Global Corporate Relations at Elsevier, one of the editors of Optics & Laser Technology (JOLT) noticed, sometime in late October, that two of his assigned submissions had received reviews, although he had not invited the reviewers himself. On investigation, the Elsevier team found that someone had retrieved and used the login details of this editor and written fake peer reviews for some articles. However, it seems that the authors of the articles were not involved in the breach and were “innocent victims.” Therefore, they have been invited to resubmit their manuscripts, which will go through a thorough peer review within less than a month.

While the identity and motives of the hacker are not clear because the peer review reports were well-written and with a positive evaluation of the manuscripts, Elsevier mentions that they have been able to delete the fake accounts. Further, Tom Reller details the measures they have taken to prevent such a situation from recurring.