IEEE stored 100,000 usernames and passwords in plaintext on FTP server

Loss of personal data

How much

Log files containing nearly 100,000 usernames and plain-text passwords were stored on an FTP server that did not require a login.

The log files, from and, were stored in an unprotected directory on the server and were available to any public user.

Denmark-based Romanian computer scientist Radu Dragusin, who discovered the files, has undertaken not to make the raw data public, although it is not known whether the data set was downloaded by anyone else.

Analysis of the data is available on the website Dragusin created after discovering the files –

The organisation has acknowledged the breach.

None to date.

Regulatory action
None to date.

Reason for action
None to date.

September 2012