(no title)

I did not tell Science how credentials were donated: either voluntarily or not. I only told that I cannot disclose the source of the credentials. I assume that some credentials coming to Sci-Hub could have been obtained by phishing.

Here's what I think possibily happens : credentials are phished, with Scihub as one of the main "customers", alongside other groups or they are put into the (semi)public domain. They are then used for other nefarious purposes by non-scihub third parties (more phishing, network access etc).

Would university accounts still be phished without Scihub? Absolutely! Would the volume be so high? I'm not so sure. Plus it still causes headaches for fellow university users of the phished account if the proxy gets blocked... especially as publisher customer services are utterly terrible and institutions could be weeks without proxy access to one of the "biggie" publishers!