IEEE Mistake Exposes Tens of Thousands of Member Names and Passwords
September 26, 2012 9:12 AM
comment(s) - last by
No public acknowledgment of the leak offered
The Institute of Electrical and Electronics Engineers (IEEE) reportedly made a massive mistake that left nearly 100,000 usernames and passwords of members of the organization exposed on a public server. A plain text list of username and password combinations was publicly available on a FTP server for over a month before being discovered. The plain text list was discovered last week by teaching assistant in the computer science department at the University of Copenhagen.
Considering the huge number of technology experts who are members of the IEEE and who work for the organization, this is a massive and hugely embarrassing security fault. The usernames and passwords of members weren't the only pieces of information exposed on the publicly accessible FTP site. In addition, over 100 GB of Web server log files from ieee.org and spectrum.ieee.org were publicly available because server administrators hadn't set access controls.
Those logs reportedly showed 376 million HTTP requests and 411,308 of those included both usernames and passwords.
reports that most of the compromised accounts belonged to employees at Apple, Google, IBM, Oracle, and Samsung. However, some of the user names and passwords exposed also belong to researchers from NASA, Stanford University, and other universities and organizations.
reports that the IEEE has yet to publicly admit the data was leaked and hasn't been returning calls for comment. Teaching assistant Radu Dragusin said, "One simple and stupid mistake: public access to logs. The other, more troublesome, keeping passwords in plain text, which seems to be more on how they architect their login system." He also noted that, "While the first issue [log files] is clearly solved, I doubt the second is."
This article is over a month old, voting and posting comments is disabled
9/26/2012 2:29:56 PM
Let’s all go back to paper and pen and save everything in fireproof cabinets and briefcases with combination locks only known to 3 people at a time.
9/26/2012 2:43:35 PM
meh. It sickens me that large organizations have such poor security.
"So, I think the same thing of the music industry. They can't say that they're losing money, you know what I'm saying. They just probably don't have the same surplus that they had." -- Wu-Tang Clan founder RZA
Report: AT&T Eyeing $40B DirecTV Purchase
May 1, 2014, 8:00 AM
WebOS Class Action Settlement Costs HP $57 Million
April 1, 2014, 10:22 AM
IBM Workers Strike Over Terms of Deal That Will Have Them Working for Lenovo
March 6, 2014, 9:29 AM
Google Picking Up Artificial Intelligence Company "DeepMind" for $400 Million
January 27, 2014, 9:25 AM
Quick Note: Qualcomm Grabs up Palm, IPAQ, and Bitfone Patent Portfolio from HP
January 24, 2014, 9:18 AM
Verizon Buys Intel Media OnCue Cloud TV assets
January 21, 2014, 10:26 AM
Most Popular Articles
Microsoft Kills Entertainment Unit, May Shelve Flagship Lumia "McLaren"
July 18, 2014, 7:40 PM
JJ Abrams Unveils X-Wing Starfighter for New "Star Wars" Movie
July 21, 2014, 12:24 PM
Ford Details ’15 F-150’s 325hp, 2.7L EcoBoost V6; Demonstrates 732-lb Weight Loss
July 22, 2014, 6:55 PM
Comcast Memo: Harassing Customers During Retention Calls Actually IS Our Policy
July 22, 2014, 5:19 PM
Motorola Moto G Successor Reportedly Uncovered, Moto X Discounted by up to $75
July 21, 2014, 1:11 PM
Latest Blog Posts
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information