Hack found security lacking in FTP upload.
A Romanian researcher has discovered a major data protection breach at the Institute of Electrical and Electronics Engineers (IEEE) that exposed the usernames and passwords of almost 100,000 members of the site.
According to reports, the IEEE boasts around 400,000 members and has a long tradition of enforcing technical standards across the electronics industry. But claims made about its web server maintenance suggest as many as a quarter of users could have their sensitive data accessed easily and in plaintext thanks to an FTP server error.
"The usernames and passwords kept in plaintext were publicly available on their FTP server for at least one month prior to my discovery," said Radu Dragusin from the University of Copenhagen. "Among the almost 100,000 compromised users are Apple, Google, IBM, Oracle and Samsung employees, as well as researchers from NASA, Stanford and many other places."
While the IEEE were not available for comment, the case does highlight the need for companies holding the sensitive data of high-profile individuals to keep access rights restricted and protect the records of their users.
As Agilent Technologies vice president Torsten George notes, the most concerning fact about the breach was that the data was so immediately readable in plaintext form – it wasn’t encrypted in any way.
"This is something today that really shouldn’t occur," he told ComputerWorld.
A recent survey by the Cloud Industry Forum found that while cloud uptake was on the rise among UK businesses of all sizes, many private and public sector IT decision-makers were still hesitant to migrate to the cloud due to security concerns.
What the IEEE hack shows is that sloppy FTP maintenance can leave your data exposed, whereas backing up files and information in the cloud and trusting the security measures of an expert third-party company is a more reliable way to keep your data safe.