IEEE confirms data breach and notifies members of the breach and informs them to change their passwords. Nearly 100,000 usernames and passwords kept in plaintext were publicly available on an IEEE FTP server.

Among those compromised are users from Apple, Google, IBM, Oracle, Samsung as well as researchers from NASA, Stanford and many other places. Romanian researcher Radu Dragusin reports that data from the Institute of Electrical and Electronics Engineers (IEEE) was kept on an unsecured FTP server for “at least one month” previous to his discovery. The Institute of Electrical and Electronics Engineers (IEEE) is a professional association headquartered in New York City that is dedicated to advancing technological innovation and excellence. It has more than 400,000 members in more than 160 countries. It’s renowned as one of the world-leading organizations in standard development and the promotion of scientific and educational development within the Electrical, Electronics, Communications, Computer Engineering, Computer Science and related fields.

By the nature of the organization, IEEE members are highly specialised individuals, many of them working in critical industry, governmental and military projects. Furthermore, it would be reasonable to assume, that an organization publishing leading security-focused publications [2], would value the privacy of its members, and be proactive in keeping their data secure.

Many members of the IEEE choose terrible passwords. Combinations such as “123456?, “123456789? and “password” were all very common, with literally hundreds of instances of their use. Additionally, over 100 GB of server logs were available, showing everything that occurred on the IEEE blog at http://spectrum.ieee.org.

Dragusin has a full report on ieeelog.com. The two big takeaways are of course pick strong passwords and make sure your servers are locked down!

Full report: IEEE Log