Researcher finds 100K passwords, user IDs, on IEEE site

Danish CS teaching assistant says he stumbled upon IEEE cache during search for research material

By , Computerworld |  Security, ieee

The breach is embarrassing for IEEE as it's a mistake -- storing login credentials in plain text -- that novice security professionals should know to avoid.

In a statement, an IEEE spokeswoman today said the organization is aware of an incident regarding "inadvertent access to unencrypted log files containing user IDs and passwords."

"We have conducted a thorough investigation and the issue has been addressed and resolved. We are in the process of notifying those who may have been affected," the statement said.

The spokeswoman did not say how the data could be available on a public FTP server, or why it was stored in unencrypted fashion.

An IEEE alert to members ( available here) said that no financial information was exposed as a result of the error.

"However, it was theoretically possible for an unauthorized third party, using your ID and your password, to have accessed your IEEE account," the alert cautioned.

As a precautionary measure, IEEE has terminated access to accounts with current passwords and users will be required to create a new one next time they attempt to log into their accounts, the statement said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Read more about security in Computerworld's Security Topic Center.


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question