IEEE stored 100,000 usernames and passwords in plaintext on FTP server

What
Loss of personal data

How much
Unknown.

Why
Log files containing nearly 100,000 usernames and plain-text passwords were stored on an FTP server that did not require a login.

The log files, from ieee.org and spectrum.ieee.org, were stored in an unprotected directory on the server and were available to any public user.

Denmark-based Romanian computer scientist Radu Dragusin, who discovered the files, has undertaken not to make the raw data public, although it is not known whether the data set was downloaded by anyone else.

Analysis of the data is available on the website Dragusin created after discovering the files – ieeelog.com

The organisation has acknowledged the breach.

Regulator
None to date.

Regulatory action
None to date.

Reason for action
None to date.

When
September 2012

Links