Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

100,000 Passwords of IEEE Members Exposed

IT News Today: 100K IEEE Passwords Exposed, IBM Takes Cloud Services Downmarket, Cisco Extends Cloud Builder Program

100,000 Passwords of IEEE Members Exposed100,000 Passwords of IEEE Members ExposedIEEE has confirmed the breach and access to unencrypted log files, but told its members that no financial information was made accessible.

In its statement, IEEE conceded that it was "theoretically possible" for an unauthorized party to access user accounts, which prompted the organization to prevent access to any account using current passwords. As a result, users will have to re-authenticate themselves by answering security questions.

Radu Dragusin, who claims to have discovered the vulnerability on September 18, said that the issue affected engineers from "Apple, Google, IBM, Oracle and Samsung employees, as well as researchers from NASA, Stanford and many other places." He believes that 100 GB of logs were in the open via the URL for "at least one month".

The data contains more than 411,000 log entries with 99,979 individual user names.

The vulnerability was fixed shortly after Dragusin says he reported it to the IEEE on September 24.

Click here to go back to IT News ToC

Wolfgang Gruener is a contributor to Tom's IT Pro. He is currently principal analyst at Ndicio Research, a market analysis firm that focuses on cloud computing and disruptive technologies, and maintains the blog. An 18-year veteran in IT journalism and market research, he previously published TG Daily and was managing editor of Tom's Hardware news, which he grew from a link collection in the early 2000s into one of the most comprehensive and trusted technology news sources.

See here for all of Wolfgang's Tom's IT Pro articles.