News, Token, Tokenless, Vulnerability

Researcher says 100,000 passwords exposed on IEEE site

 

Info on workers at Apple, Google, NASA, Stanford, and elsewhere was easily accessible owing to an oversight by the association for tech pros, a computer scientist in Denmark says.

All the allegedly compromised IEEE members plotted on a world map based on geolocation of their IP address.

All the allegedly compromised IEEE members plotted on a world map based on geolocation of their IP address.

(Credit: Radu Dragusin)

A computer scientist says he discovered that a server of the IEEE (Institute of Electrical and Electronics Engineers) had about 100,000 usernames and passwords stored in plaintext and publicly accessible.

Radu Dragusin, a computer scientist who works at FindZebra and is a teaching assistant at the University of Copenhagen, writes in a blog post that he discovered the problem last week and notified the IEEE about his findings, enabling them to “at least partially” fix the problem.

The data was publicly available on the IEEE FTP (File Transfer Protocol) server for at least a month, potentially exposing usernames and passwords of people who work at Apple, Google, IBM, Oracle, Samsung, NASA, Stanford, and other organizations and firms, he said. The glitch exposed all the actions the users performed on the ieee.org site, as well as spectrum.ieee.org, he added.

The IEEE provided CNET with a statement late this afternoon. “IEEE has become aware of an incident regarding inadvertent access to unencrypted log files containing user IDs and passwords. We have conducted a thorough investigation and the issue has been addressed and resolved. We are in the process of notifying those who may have been affected,” the organization said. “IEEE takes safeguarding the private information of our members and customers very seriously. We regret the occurrence of this incident and any inconvenience it may have caused.”

Advertisements
Standard

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s