1165 København K
Tlf: 35 32 28 98 (mon-thurs)
100,000 computer passwords apocalypse averted by a University of Copenhagen scientist
Publishing more than 100 peer-reviewed journals and producing 30 per cent of the world’s specialized literature, the US-based Institute for Electrical and Electronic Engineers (IEEE) should have the proper instruments to protect their users’ data.
But something went wrong, and it was first noticed by Radu Dragusin, a teaching assistant at the Department of Computer Science DIKU, at the University of Copenhagen.
The log-in data of around 100,000 users was available on the IEEE website some time before mid September, when Dragusin noticed the error. After publishing the discovery on his blog, he contacted the organization, and now the problem is fixed. Dragusin said he did not make the ‘raw data’ available to anyone but IEEE.
Passwords and usernames were available to anyone typing the address of the IEEE server logs file in their browser, where every page request is recorded. Server logs contain information that can be used to identify users, and should always be kept private.
Among the compromised users are Apple, Google, IBM’s and other companies’ engineers as well as researchers from Stanford and NASA.
Mr. Dragusin holds a Master’s from the University of Copenhagen. Besides teaching he is working at FindZebra, an online service to efficiently browse the medical literature.
Stay in the know about news and events happening in Copenhagen by signing up for the University Post’s weekly newsletter here.