Researcher Discovers 100k IEEE User Passwords on Public FTP

If you are a member of IEEE, it might be time for you to change your password.

A Romanian university teaching assistant, Radu Dragusin, has discovered a publicly accessible FTP server that stored around 100,000 usernames and passwords in plain text. The passwords were found in logs stored on the FTP server. There were around 100 GB of logs, which contained 376 million HTTP requests. Out of these, 411,308 entries contained passwords.

He reported the vulnerability to the officials on September 24th and they are rectifying the issue at the moment. The FTP server which contained the information has been taken offline and they are sending password reset emails to all those affected. But we are yet to see a public statement from them.

IEEE, if you are not aware, stands for Institute of Electrical and Electronics Engineers and is an international organization that promotes technology and science. Its members include holders of senior positions at various prestigious institutions. Radu says that the logs contained the passwords of Apple, Google, IBM, Oracle and Samsung employees, as well as researchers from NASA, Stanford, etc. The data is assumed to have been available online for about a month, but it is not certain whether the data has been acquired by hackers.

IEEE officials will have to answer a lot of questions in the coming days. Most importantly, why were the passwords stored as plain text? Secondly, why were the FTP server's permissions not set correctly when it contained a massive amount of logs? Hopefully, they will rectify the issues as soon as possible, and this should be a cue for others to secure their customers' data.

Source: IEEE Log

Published by

Nithin Ramesh

Nithin is a blogger and a Windows security enthusiast. He is currently pursuing a Bachelor's in Electronics and Communication. Apart from technology, his other interests include reading and rock music. His Twitter handle is @nithinr6.