IEEE data breach exposes 100,000 plain text passwords
Romanian researcher Radu Drăgușin says that he managed to extract 100,000 plain text IEEE member passwords from approximately 100GB of log files. The log files were publicly accessible on the IEEE's FTP server and had been available for at least a month before being discovered by the researcher.
Drăgușin says that the log files cover the period between early August and mid-September 2012 and contain nearly 380 million HTTP requests. The researcher claims to have extracted the access data of a total of 99,979 unique users – including employees from Apple, Google, IBM, Oracle and Samsung, as well as NASA and Stanford University researchers.
Drăgușin has presented a statistical evaluation of the data on his ieeelog.com web site, which was created specifically for this purpose. Incidentally, the most frequently used password continues to be "123456", closely followed by "ieee2012" and "12345678".
Drăgușin adds that the IEEE removed the unencrypted log files from its FTP server shortly after being informed of the problem. The IEEE has now confirmed the incident on its Facebook page and on its web site, noting that the problem has been fixed and that it is currently in the process of informing affected users. The organisation is the largest technical industry association worldwide, managing, maintaining and approving standards such as the current Ethernet and Wi-Fi specifications.