IEEE exposes 100,000 unencrypted passwords on FTP server
updated 11:41 am EDT, Wed September 26, 2012
Apple, Samsung, Google engineer details in security breach
A researcher has discovered a security breach at a large professional organization for computer engineers. The Institute of Electrical and Electronics Engineers (IEEE) had left unencrypted usernames, passwords and activity of almost 100,000 of its members publicly viewable on an FTP server for the last month. Engineers from Apple, Google, IBM, Samsung, and NASA were affected, among others.
Radu Dragusin, a recent graduate and teaching assistant at the University of Copenhagen, discovered 100 gigabytes of site logs. The 99,979 unique usernames found in the logs make up a quarter of the membership. The logs also recorded over 376 million web requests for the month for all ieee.org addresses.
The fact that the passwords were kept in plain text allowed Dragusin to compile a list of the most commonly used passwords by the engineers. The number "123456" was found to be used as a password in 271 accounts, while "12345678" was used in 246, "123456789" in 222 accounts, and "password" in 109 cases.
The IEEE, which has been alerted to the breach as of September 24th, is taking action. “We have conducted a thorough investigation and the issue has been addressed and resolved. We are in the process of notifying those who may have been affected,” said an IEEE spokeswoman in a statement. [via Ars Technica]



