All the sessions from Transform 2021 are available on-demand now. Watch now.
A programmer found nearly 100,000 unprotected usernames and passwords on the Institute of Electrical and Electronics Engineers’ servers, according to his analysis released today. The IEEE is now working to clean up the mess.
The IEEE is a well-known organization for technologists and has over 400,000 members. On September 18, Romanian programmer Radu Dragusin discovered unencrypted IEEE login credentials left publicly available on its FTP server. He says he found “99,979 unique usernames” and passwords. The servers also showed all of the members’ activities on the website and may have remained unprotected for at least a month.
“IEEE has become aware of an incident regarding inadvertent access to unencrypted log files containing user IDs and passwords. We have conducted a thorough investigation and the issue has been addressed and resolved. We are in the process of notifying those who may have been affected,” the organization told VentureBeat in an email. “IEEE takes safeguarding the private information of our members and customers very seriously. We regret the occurrence of this incident and any inconvenience it may have caused.”
Dragusin says he has no intention of releasing the data, though he suspects others already have their hands on it.
As Ars Technica points out, while this is an embarrassment for the IEEE, what might be more embarrassing are the kinds of passwords being used by the members. Among the 99,979 usernames and passwords he found, 271 people used the password “123456,” followed by “ieee2012,” “12345678,” 123456789,” and “password.”
In his analysis, Dragusin notes that a number of the users are from famous technology companies such as Apple, Samsung, Google, IBM, and even NASA.
He also obtained a copy of the notification letter the IEEE sent out to infected members. It says “this matter has been addressed and resolved,” and assures users that no financial information was exposed. The organization also urged members to create a strong password, and included instructions on how to do so.
hat tip Ars Technica; images from Radu Dragusin
VentureBeatVentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the subjects of interest to you
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
- networking features, and more