All the allegedly compromised IEEE members plotted on a world map based on geolocation of their IP address.
(Credit: Radu Dragusin)
A computer scientist says he discovered that a server of the IEEE (Institute of Electrical and Electronics Engineers) had about 100,000 usernames and passwords stored in plaintext and publicly accessible.
Radu Dragusin, a computer scientist who works at FindZebra and is a teaching assistant at the University of Copenhagen, writes in a blog post that he discovered the problem last week and notified the IEEE about his findings, enabling them to “at least partially” fix the problem.
The data was publicly available on the IEEE FTP (File Transfer Protocol) server for at least a month, potentially exposing usernames and passwords of people who work at Apple, Google, IBM, Oracle, Samsung, NASA, Stanford, and other organizations and firms, he said. The glitch exposed all the actions the users performed on the ieee.org site, as well as spectrum.ieee.org, he added.
The IEEE provided CNET with a statement late this afternoon. “IEEE has become aware of an incident regarding inadvertent access to unencrypted log files containing user IDs and passwords. We have conducted a thorough investigation and the issue has been addressed and resolved. We are in the process of notifying those who may have been affected,” the organization said. “IEEE takes safeguarding the private information of our members and customers very seriously. We regret the occurrence of this incident and any inconvenience it may have caused.”