Passwords of 100k IEEE members lie bare on FTP server

Radu Dragusin isn't a member of the Institute of Electrical and Electronics Engineers (IEEE), but he enjoys reading the organization's journals.

So last week, he visited IEEE's FTP site, hoping to discover more articles, but instead found something far more alarming: the clear-text usernames and passwords of roughly 100,000 members from around the world.

Dragusin, a computer science researcher at the University of Copenhagen in Denmark, told SCMagazineUS.com on Tuesday that he opened a number of ZIP log files -- 100 gigabytes in total --  inside a folder labeled "Akamai," a company that IEEE uses for content delivery. The files chronicled whenever a member entered their username and password on the IEEE site, meaning they contained, among other things, the credentials, IP addresses and HTTP requests of the visitors. He estimates this information was publicly available for at least a month.