Data Breach Reveals 100k IEEE.org Members' Plaintext Passwords 160
First time accepted submitter radudragusin writes "IEEE suffered a data breach which I discovered on September 18. For a few days I was uncertain what to do with the information and the data. Yesterday I let them know, and they fixed (at least partially) the problem. The usernames and passwords kept in plaintext were publicly available on their FTP server for at least one month prior to my discovery. Among the almost 100.000 compromised users are Apple, Google, IBM, Oracle and Samsung employees, as well as researchers from NASA, Stanford and many other places. I did not and will not make the raw data available, but I took the liberty to analyse it briefly."
Finally! (Score:5, Insightful)
For God's Sake (Score:0, Insightful)
when are we going to all start hashing and salting passwords? It takes virtually no effort to do.
Secure password message falls on deaf ears (Score:5, Insightful)
You'd think that people involved with the IEEE are a group that should know better, and yet the most common passwords according to the analysis reads like the usual suspects list from other breaches. They're still common, easily guessable passwords. Hashing wouldn't have protected them very long, as these are on the short list for any cracking program to test.
It should be a wake up call that our current methods of trying to get users to pick secure passwords are a total failure. We need to go back to the drawing board and figure out a better way to get the message across, including tools to make it easy for people to get it right.
Re:For God's Sake (Score:3, Insightful)
Well they are normally transmitted plain text so why shouldn't they be logged in plain text too?
Re:posting the most used passwords is probably bad (Score:4, Insightful)
Well with the exception of "SUNIV358", which is something of an outlier, the rest are all pretty standard passwords that you'd expect to see in any dataset like this
It appears to be unguareded data not breach (Score:4, Insightful)
Re:Finally! (Score:5, Insightful)
Yeah, but the "most used passwords" should really be a bar graph not a line graph. It's not like the midpoint between "ADMIN123" and "IEE2012" makes any sense.