This article was published on September 26, 2012

100,000 user names and (lots of crappy) passwords exposed in IEEE security breach


100,000 user names and (lots of crappy) passwords exposed in IEEE security breach

You’d think that the people who are technologically proficient would have learned by now, but that seems to not be the case. Romanian researcher Radu Dragusin reports that data from the Institute of Electrical and Electronics Engineers (IEEE) was kept on an unsecured FTP server for “at least one month” previous to his discovery. Though he’s not releasing the raw data, he’s found some interesting points in his own parses.

IEEE, for background, has about 400,00 members, made up largely of big technology names. As evidence of that, Dragusin reports that there were logins for employees of companies like Apple, Google, IBM, Oracle and Samsung.

Oops.

But the story gets even more interesting when we look at the data points that Dragusin has made public. For instance, many members of the IEEE choose terrible passwords. Combinations such as “123456”, “123456789” and “password” were all very common, with literally hundreds of instances of their use.

The <3 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

The breach affected users across the globe, but as you can see in the map of the users below, many of the passwords belonged to users within technology hotbeds:

As it’s rightly pointed out in the post, the danger here is that the data was available for an extended period of time, and with the combination of user names and passwords, it won’t be difficult for the right people to do some non-elaborate phishing attempts or to simply brute-force their way into other logins.

But the reach extends far beyond just FTP passwords. In fact, over 100 GB of server logs were available, showing every move made on the IEEE blog at http://spectrum.ieee.org. To say that this is a disappointment would be a pretty huge understatement.

The full report is fascinating, and you should take some time to read it. But the two salient points are simple enough – Choose good passwords and secure your servers. Someone’s always watching.

IEEE Log

Image: Robyn Beck / Getty Images

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Published
Back to top