100,000 ieee.org passwords have been in the public domain for a month

Due to the oversight of administrators, ieee.org and spectrum.ieee.org web server logs , including logins and passwords in clear text, were available for at least a month at ftp.ieee.org/uploads/akamai (hole closed 24 September). Information about more than 376 million HTTP requests was stored in the logs, 411,308 of which contained login-password pairs. 99 979 of them were unique. Among the victims - a lot of employees of Apple, Google, IBM, Oracle, Samsung, NASA, Stanford University and many other companies and organizations that are members of the international association IEEE .

The leak was discovered by the Romanian hacker Radu Dragusin. The total volume of logs was about 100 gigabytes. He analyzed the files and reported the vulnerability to IEEE. He did not publish and is not going to publish the passwords received. He published the results of the analysis of the logs on the site ieeelog.com , specially created for this purpose.