IEEE Site Exposes 100,000 Plaintext Usernames and Passwords

A server belonging to the Institute of Electrical and Electronics Engineers was found hosting a publicly available file containing plaintext usernames and passwords of 100,000 workers from Apple, Google, IBM, Oracle, Samsung, NASA, Stanford, and others.

The issue was discovered by Radu Dragusin, a computer scientist at FindZebra, who notified IEEE, enabling the institute to “partially” fix the issue. Besides this file, webserver logs detailing user actions performed on ieee.org and spectrum.ieee.org were also available for at least a month.

“On these logs, as is the norm, every Web request was recorded (more than 376 million HTTP requests in total),” said Dragusin in a blog post. “Web server logs should never be publicly available, since they usually contain information that can be used to identify users….”

Over 100 GB of logs were available to everyone with access to the FTP directory, raising serious privacy and security issues, as an employee with access could have easily found the plaintext usernames and passwords within the logs as well.

Although incorrectly setting access permissions on FTP files is considered a simple mistake, keeping passwords in plaintext is unacceptable, warns Dragusin. IEEE said it’s investigating the problem and affected users will be notified.

“IEEE has become aware of an incident regarding inadvertent access to unencrypted log files containing user IDs and passwords. We have conducted a thorough investigation and the issue has been addressed and resolved. We are in the process of notifying those who may have been affected,” the organization said. “IEEE takes safeguarding the private information of our members and customers very seriously. We regret the occurrence of this incident and any inconvenience it may have caused.”

About the author

Liviu ARSENE

Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.

1 Comment


  • u as user do all your best to keep this kind of data safe and they post on ftp :)), nice…

    if nasa account was leaked perhaps now we will see if we really reached on moon