IEEE suffered a data breach which I discovered on September 18. For a few days I was uncertain what to do with the information and the data. Yesterday I let them know, and they fixed (at least partially) the problem. The usernames and passwords kept in plaintext were publicly available on their FTP server for at least one month prior to my discovery. Among the almost 100.000 compromised users are Apple, Google, IBM, Oracle and Samsung employees, as well as researchers from NASA, Stanford and many other places. I did not and will not make the raw data available to anyone else.

Read more at: http://ieeelog.com/

http://static.squarespace.com/static/505c587984aead8d3fc2dc17/t/506081b6e4b0a01995635b20/1348501949598/?format=1500w

​All compromised IEEE members plotted on the World map. (IP geolocation)


Not good news at all....

Really, I'd have expected better of IEEE, but for some reason this doesn't surprise me AT ALL.

I just don't understand why anyone would decide to store passwords in plaintext or co-operate with someone who wanted to do so, you'd have to be absolutely stupid to do so and definitely not fit to work in any fields remotely related to security.

I get less and less surprised the more this happens. It's like they don't even care about security anymore.

why were they stored in plain ******* text wat are you doing ieee

why were they stored in plain ******* text wat are you doing ieee

Because they neglected to attend their first CS class in University where the very first thing you learn is to not be stupid and store passwords insecurely.