IEEE accidentally exposed 100,000 unencrypted user credentials
By Matthew DeCarlo
A Romanian researcher who recently found plaintext usernames and passwords on an IEEE (Institute of Electrical and Electronics Engineers) server has published his analysis of the data. Radu Dragusin, a computer scientist who works for search engine FindZebra, discovered the unsecured data on an IEEE FTP server last week.
Dragusin reports that 100GB of log files were open for at least one month to anyone who visited a specific URL (now closed). The logs contained unencrypted account credentials of nearly 100,000 IEEE members, including employees of Apple, Google, IBM, Oracle, Samsung, NASA, Stanford and many other organizations.
Dragusin reported the issue to the IEEE this Monday. The electronics association has since responded with what Dragusin calls a "partial" fix. He noted that the publicly accessible logs could have been a simple mistake with permissions, but storing sensitive information such as user credentials in plaintext is less forgivable.
While Dragusin doesn't plan to share the data with anyone, there's no telling who else may have swiped it off the server. Instead of deleting his copy, he has decided to use it for analysis including the location of affected users (above), the most used passwords, a chart of email domains and a graph of browser preferences.
Compromised IEEE members span practically every continent, with particularly high concentrations in the US, the UK, India and China. Of the 99,979 unique accounts exposed, 271 were "secured" with the password "123456." The second most used password was "ieee2012," while the third was "12345678."
The word "password" itself was one of the most used passwords, while other accounts used "admin," "student," "library," and "ADMIN123." We've seen the same types of weak passwords in previous breaches, but you'd think members of a technology organization like the IEEE would be a little more security conscious.
Unsurprisingly, Gmail was the most popular email domain with 38% of the pie, while Yahoo held second place with 7.6%, Hotmail ranked third with 4.7% and IEEE.org was fourth at 3.5%. The three major browsers had a similar share, though Chrome was consistently the most used, followed by Firefox and then Internet Explorer.