
{"id":15346,"date":"2012-10-15T01:06:15","date_gmt":"2012-10-15T01:06:15","guid":{"rendered":"https:\/\/uniavisen.dk\/?p=15346\/"},"modified":"2017-01-23T11:36:07","modified_gmt":"2017-01-23T11:36:07","slug":"100000-password-revelation-was-a-coincidence","status":"publish","type":"post","link":"https:\/\/uniavisen.dk\/en\/100000-password-revelation-was-a-coincidence\/","title":{"rendered":"100,000 password revelation was a coincidence"},"content":{"rendered":"<p>He was just trying to make things easier for himself: He needed to read the technology articles on his phone. This, according to Radu Dragusin, the University of Copenhagen, was when he stumbled upon the 100,000 password privacy disaster that hit the world\u2019s IT headlines.<\/p>\n<p>In an exclusive interview with the University Post, Radu Dragusin, a teaching assistant at the Department of Computer Science DIKU, talks about what happened when he discovered the potential security calamity.<\/p>\n<p>See the original story reported by University Post: <a href=\"node\/%2016417\"> 100,000 password disaster stopped by UCPH scientist.<\/a><\/p>\n<h2>&#8216;World&#8217;s largest&#8217; embarrassment<\/h2>\n<p>\u00bbI thought to myself, this is just amazing, this is huge, I have to report this straight away\u00ab. <\/p>\n<p>This was Radu Dragusin\u2019s reaction when he first realized that IEEE, which claims to be \u2018the world\u2019s largest professional association dedicated to advancing technological innovation\u2019, had inadvertently compromised the personal information of thousands. 
He was messing around with his phone when he discovered the breach.<\/p>\n<p>\u00bbI wanted to download these articles to my smart phone to read with ease, however this proved quite annoying and somewhat troubling to download, so I accessed the direct files using the FTP server to find the articles to download directly.\u00ab <\/p>\n<h2>Suddenly, more personal info<\/h2>\n<p>FTP (File Transfer Protocol) is used to transfer files from one host to another over a network such as the Internet. This old system is easily accessible to anyone in the know about how these things work.<\/p>\n<p>\u00bbI\u2019m thinking this is a bit of a long shot, but no problem if I try. So I looked for the latest modified folders and discovered a file that actually delivers content to customers worldwide. So I downloaded and decompressed one of the files and the data that was found included IP addresses, which I must say I found a bit weird. I decided to download it all to analyse the data.\u00ab <\/p>\n<p>What became clear quite quickly was that the data didn\u2019t just include IP addresses but also much more personal information, including which Internet browsers users were using, such as Google Chrome and Firefox. <\/p>\n<h2>Apple, NASA, US govt.<\/h2>\n<p>However, what Radu would stumble upon next really triggered his alarm bells.<\/p>\n<p>\u00bbHere we had usernames and passwords of individual users, accessible to anyone who knows how to use an FTP server. I believe there was something like 99,000 unique passwords and usernames compromised.\u00ab <\/p>\n<p>\u00bbRemember this isn\u2019t just everyday people using this site, it\u2019s big companies, militaries and governments. 
The e-mail addresses I was seeing ranged from Apple, NASA and the US government.<br \/>\nSo now I\u2019m wondering what I should do, because this needs to be taken seriously and needs to be highlighted because these scenarios are happening too often.\u00ab<\/p>\n<p><a href=\"http:\/\/ieeelog.com\/\" target=\"_blank\">Radu went on to buy a domain and document his data findings via his blog, which you can read here.<\/a> <\/p>\n<h2>Nothing special about him<\/h2>\n<p>\u00bbWhen I think about it, I didn\u2019t do anything special. With a bit of knowledge anyone can do these things. It just so happened that it was me who stumbled upon this data.\u00ab<\/p>\n<p>A few days later IEEE contacted Radu thanking him for bringing it to their attention, but requested that he take down his information from his website, which they believed was invasive. <\/p>\n<p>\u00bbI was amazed by this, by that time there was already press coverage (<a href=\"node\/%2016417\">including the University Post here<\/a>). There were also requests from the general public wanting passwords, saying things as directly as \u2018can I have the passwords\u2019 to \u2018I have a nice proposition for you\u2019, of course none of this was ever given out.\u00ab<\/p>\n<h2>Privacy at stake, transparency needed<\/h2>\n<p>\u00bbWhat I would like to get across is that I believe it is better to be open, and treat such breaches responsibly. Not only is people&#8217;s privacy at stake, but there is also the opportunity to make more individuals aware of the security concerns surrounding our online identities.\u00ab<\/p>\n<p>\u00bbIt is not clear what the best approach to treat such a breach would be. 
Of course the vulnerable entity, IEEE, should be notified to fix it, but this can be also a lesson to system developers and users as well.\u00ab<\/p>\n<p>\u00bbI strongly believe that it is good if aggregated breached data would be presented in a more meaningful way to users, so people can understand the importance of security, and the amount of information available about them.\u00ab<\/p>\n<p>universitypost@adm.ku.dk<\/p>\n<p><em>Stay in the know about news and events happening in Copenhagen by <a href=\"http:\/\/universitypost.dk\/newsletter\" target=\"_blank\">signing up for the University Post\u2019s weekly newsletter here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Copenhagen\u2019s hero of averted international password disaster was just trying to download clever articles on to his not-so-smart phone, he says<\/p>\n","protected":false},"author":12,"featured_media":15348,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[45],"tags":[],"class_list":["post-15346","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-international","expression-news_article"],"acf":[],"aioseo_notices":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>100,000 password revelation was a coincidence<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/uniavisen.dk\/en\/100000-password-revelation-was-a-coincidence\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta 
property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"100,000 password revelation was a coincidence\" \/>\n<meta property=\"og:description\" content=\"Copenhagen\u2019s hero of averted international password disaster was just trying to download clever articles on to his not-so-smart phone, he says\" \/>\n<meta property=\"og:url\" content=\"https:\/\/uniavisen.dk\/en\/100000-password-revelation-was-a-coincidence\/\" \/>\n<meta property=\"og:site_name\" content=\"University Post\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/uniavis\" \/>\n<meta property=\"article:published_time\" content=\"2012-10-15T01:06:15+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-01-23T11:36:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/uniavisen.dk\/wp-content\/uploads\/2012\/10\/radupicture.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1714\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"MIGRATED_ARTICLES FROM_OLD_SITE\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Uniavisen\" \/>\n<meta name=\"twitter:site\" content=\"@Uniavisen\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"MIGRATED_ARTICLES FROM_OLD_SITE\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/100000-password-revelation-was-a-coincidence\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/100000-password-revelation-was-a-coincidence\\\/\"},\"author\":{\"name\":\"MIGRATED_ARTICLES FROM_OLD_SITE\",\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/#\\\/schema\\\/person\\\/b4df0b22f9be3943039e58e94c400606\"},\"headline\":\"100,000 password revelation was a coincidence\",\"datePublished\":\"2012-10-15T01:06:15+00:00\",\"dateModified\":\"2017-01-23T11:36:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/100000-password-revelation-was-a-coincidence\\\/\"},\"wordCount\":762,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/100000-password-revelation-was-a-coincidence\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/uniavisen.dk\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/radupicture.jpg\",\"articleSection\":[\"International\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/100000-password-revelation-was-a-coincidence\\\/\",\"url\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/100000-password-revelation-was-a-coincidence\\\/\",\"name\":\"100,000 password revelation was a 
coincidence\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/100000-password-revelation-was-a-coincidence\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/100000-password-revelation-was-a-coincidence\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/uniavisen.dk\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/radupicture.jpg\",\"datePublished\":\"2012-10-15T01:06:15+00:00\",\"dateModified\":\"2017-01-23T11:36:07+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/#\\\/schema\\\/person\\\/b4df0b22f9be3943039e58e94c400606\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/100000-password-revelation-was-a-coincidence\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/uniavisen.dk\\\/en\\\/100000-password-revelation-was-a-coincidence\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/100000-password-revelation-was-a-coincidence\\\/#primaryimage\",\"url\":\"https:\\\/\\\/uniavisen.dk\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/radupicture.jpg\",\"contentUrl\":\"https:\\\/\\\/uniavisen.dk\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/radupicture.jpg\",\"width\":2560,\"height\":1714},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/100000-password-revelation-was-a-coincidence\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"100,000 password revelation was a coincidence\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/#website\",\"url\":\"https:\\\/\\\/uniavisen.dk\\\/\",\"name\":\"University Post\",\"description\":\"Independent of 
management\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/uniavisen.dk\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/uniavisen.dk\\\/#\\\/schema\\\/person\\\/b4df0b22f9be3943039e58e94c400606\",\"name\":\"MIGRATED_ARTICLES FROM_OLD_SITE\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b6c147fc36e92c08c95515aba962dbc89107ed33613c690182f7e243d0c0a2ab?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b6c147fc36e92c08c95515aba962dbc89107ed33613c690182f7e243d0c0a2ab?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b6c147fc36e92c08c95515aba962dbc89107ed33613c690182f7e243d0c0a2ab?s=96&d=identicon&r=g\",\"caption\":\"MIGRATED_ARTICLES FROM_OLD_SITE\"},\"url\":\"https:\\\/\\\/uniavisen.dk\\\/en\\\/author\\\/migrated_articles\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"100,000 password revelation was a coincidence","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/uniavisen.dk\/en\/100000-password-revelation-was-a-coincidence\/","og_locale":"en_US","og_type":"article","og_title":"100,000 password revelation was a coincidence","og_description":"Copenhagen\u2019s hero of averted international password disaster was just trying to download clever articles on to his not-so-smart phone, he says","og_url":"https:\/\/uniavisen.dk\/en\/100000-password-revelation-was-a-coincidence\/","og_site_name":"University Post","article_publisher":"https:\/\/www.facebook.com\/uniavis","article_published_time":"2012-10-15T01:06:15+00:00","article_modified_time":"2017-01-23T11:36:07+00:00","og_image":[{"width":2560,"height":1714,"url":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2012\/10\/radupicture.jpg","type":"image\/jpeg"}],"author":"MIGRATED_ARTICLES FROM_OLD_SITE","twitter_card":"summary_large_image","twitter_creator":"@Uniavisen","twitter_site":"@Uniavisen","twitter_misc":{"Written by":"MIGRATED_ARTICLES FROM_OLD_SITE","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/uniavisen.dk\/en\/100000-password-revelation-was-a-coincidence\/#article","isPartOf":{"@id":"https:\/\/uniavisen.dk\/en\/100000-password-revelation-was-a-coincidence\/"},"author":{"name":"MIGRATED_ARTICLES FROM_OLD_SITE","@id":"https:\/\/uniavisen.dk\/#\/schema\/person\/b4df0b22f9be3943039e58e94c400606"},"headline":"100,000 password revelation was a coincidence","datePublished":"2012-10-15T01:06:15+00:00","dateModified":"2017-01-23T11:36:07+00:00","mainEntityOfPage":{"@id":"https:\/\/uniavisen.dk\/en\/100000-password-revelation-was-a-coincidence\/"},"wordCount":762,"commentCount":0,"image":{"@id":"https:\/\/uniavisen.dk\/en\/100000-password-revelation-was-a-coincidence\/#primaryimage"},"thumbnailUrl":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2012\/10\/radupicture.jpg","articleSection":["International"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/uniavisen.dk\/en\/100000-password-revelation-was-a-coincidence\/","url":"https:\/\/uniavisen.dk\/en\/100000-password-revelation-was-a-coincidence\/","name":"100,000 password revelation was a 
coincidence","isPartOf":{"@id":"https:\/\/uniavisen.dk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/uniavisen.dk\/en\/100000-password-revelation-was-a-coincidence\/#primaryimage"},"image":{"@id":"https:\/\/uniavisen.dk\/en\/100000-password-revelation-was-a-coincidence\/#primaryimage"},"thumbnailUrl":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2012\/10\/radupicture.jpg","datePublished":"2012-10-15T01:06:15+00:00","dateModified":"2017-01-23T11:36:07+00:00","author":{"@id":"https:\/\/uniavisen.dk\/#\/schema\/person\/b4df0b22f9be3943039e58e94c400606"},"breadcrumb":{"@id":"https:\/\/uniavisen.dk\/en\/100000-password-revelation-was-a-coincidence\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/uniavisen.dk\/en\/100000-password-revelation-was-a-coincidence\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/uniavisen.dk\/en\/100000-password-revelation-was-a-coincidence\/#primaryimage","url":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2012\/10\/radupicture.jpg","contentUrl":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2012\/10\/radupicture.jpg","width":2560,"height":1714},{"@type":"BreadcrumbList","@id":"https:\/\/uniavisen.dk\/en\/100000-password-revelation-was-a-coincidence\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/uniavisen.dk\/en\/"},{"@type":"ListItem","position":2,"name":"100,000 password revelation was a coincidence"}]},{"@type":"WebSite","@id":"https:\/\/uniavisen.dk\/#website","url":"https:\/\/uniavisen.dk\/","name":"University Post","description":"Independent of 
management","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/uniavisen.dk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/uniavisen.dk\/#\/schema\/person\/b4df0b22f9be3943039e58e94c400606","name":"MIGRATED_ARTICLES FROM_OLD_SITE","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b6c147fc36e92c08c95515aba962dbc89107ed33613c690182f7e243d0c0a2ab?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/b6c147fc36e92c08c95515aba962dbc89107ed33613c690182f7e243d0c0a2ab?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b6c147fc36e92c08c95515aba962dbc89107ed33613c690182f7e243d0c0a2ab?s=96&d=identicon&r=g","caption":"MIGRATED_ARTICLES FROM_OLD_SITE"},"url":"https:\/\/uniavisen.dk\/en\/author\/migrated_articles\/"}]}},"advancedCustomFields":{"layout_group":[{"acf_fc_layout":"Headline","use_post_title":true,"headline":"","style":"default","highlighted_words":"","text_size":"medium"},{"acf_fc_layout":"Image","image":{"ID":15348,"id":15348,"title":"radupicture","filename":"radupicture.jpg","filesize":292022,"url":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2012\/10\/radupicture.jpg","link":"https:\/\/uniavisen.dk\/en\/100000-password-revelation-was-a-coincidence\/radupicture\/","alt":"","author":"0","description":"","caption":"","name":"radupicture","status":"inherit","uploaded_to":15346,"date":"2017-01-19 09:08:19","modified":"2017-01-19 
09:08:19","menu_order":0,"mime_type":"image\/jpeg","type":"image","subtype":"jpeg","icon":"https:\/\/uniavisen.dk\/wp-includes\/images\/media\/default.png","width":2560,"height":1714,"sizes":{"thumbnail":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2012\/10\/radupicture-150x150.jpg","thumbnail-width":150,"thumbnail-height":150,"medium":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2012\/10\/radupicture-480x321.jpg","medium-width":480,"medium-height":321,"medium_large":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2012\/10\/radupicture-768x514.jpg","medium_large-width":768,"medium_large-height":514,"large":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2012\/10\/radupicture-1280x857.jpg","large-width":1280,"large-height":857,"1536x1536":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2012\/10\/radupicture.jpg","1536x1536-width":1536,"1536x1536-height":1028,"2048x2048":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2012\/10\/radupicture.jpg","2048x2048-width":2048,"2048x2048-height":1371,"featured-soft":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2012\/10\/radupicture-290x194.jpg","featured-soft-width":290,"featured-soft-height":194,"featured-hard":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2012\/10\/radupicture-290x180.jpg","featured-hard-width":290,"featured-hard-height":180,"narrow":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2012\/10\/radupicture-700x469.jpg","narrow-width":700,"narrow-height":469,"extended":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2012\/10\/radupicture-990x663.jpg","extended-width":990,"extended-height":663}},"style":"screen","text_placement":"metadata-below","image_link_url":"","image_link_title":"","caption_prefix":"","enable_alternative_caption":false,"alternative_caption":""},{"acf_fc_layout":"Standfirst","subject":"","text":"Copenhagen\u2019s hero of averted international password disaster was just trying to download clever articles on to his not-so-smart phone, he 
says","use_post_excerpt":false},{"acf_fc_layout":"Byline","is_author":false,"contributors":[{"use_registered_user":false,"user":false,"contributor_name":"Andrew Bartle","contributor_title":"&nbsp;","contributor_image":false}]},{"acf_fc_layout":"Content","content":"<p>He was just trying to make things easier for himself: He needed to read the technology articles on his phone. This, according to Radu Dragusin, the University of Copenhagen, was when he stumbled upon the 100,000 password privacy disaster that hit the world\u2019s IT headlines.<\/p>\n<p>In an exclusive interview with the University Post, Radu Dragusin, a teaching assistant at the Department of Computer Science DIKU, talks about what happened when he discovered the potential security calamity.<\/p>\n<p>See the original story reported by University Post: <a href=\"node\/%2016417\"> 100,000 password disaster stopped by UCPH scientist.<\/a><\/p>\n<h2>&#8216;World&#8217;s largest&#8217; embarrassment<\/h2>\n<p>\u00bbI thought to myself, this is just amazing, this is huge, I have to report this straight away\u00ab. <\/p>\n<p>This was Radu Dragusin\u2019s reaction when he first realized that IEEE, which claims to be \u2018the world\u2019s largest professional association dedicated to advancing technological innovation\u2019, had inadvertently compromised the personal information of thousands. He was messing around with his phone when he discovered the breach.<\/p>\n<p>\u00bbI wanted to download these articles to my smart phone to read with ease, however this proved quite annoying and somewhat troubling to download, so I accessed the direct files using the FTP server to find the articles to download directly.\u00ab <\/p>\n<h2>Suddenly, more personal info<\/h2>\n<p>FTP (File Transfer Protocol) is used to transfer files from one host to another over a network such as the Internet. 
This old system is easily accessible to anyone in the know about how these things work.<\/p>\n<p>\u00bbI\u2019m thinking this is a bit of a long shot, but no problem if I try. So I looked for the latest modified folders and discovered a file that actually delivers content to customers worldwide. So I downloaded and decompressed one of the files and the data that was found included IP addresses, which I must say I found a bit weird. I decided to download it all to analyse the data.\u00ab <\/p>\n<p>What became clear quite quickly was that the data didn\u2019t just include IP addresses but also much more personal information, including which Internet browsers users were using, such as Google Chrome and Firefox. <\/p>\n<h2>Apple, NASA, US govt.<\/h2>\n<p>However, what Radu would stumble upon next really triggered his alarm bells.<\/p>\n<p>\u00bbHere we had usernames and passwords of individual users, accessible to anyone who knows how to use an FTP server. I believe there was something like 99,000 unique passwords and usernames compromised.\u00ab <\/p>\n<p>\u00bbRemember this isn\u2019t just everyday people using this site, it\u2019s big companies, militaries and governments. The e-mail addresses I was seeing ranged from Apple, NASA and the US government.<br \/>\nSo now I\u2019m wondering what I should do, because this needs to be taken seriously and needs to be highlighted because these scenarios are happening too often.\u00ab<\/p>\n<p><a href=\"http:\/\/ieeelog.com\/\" target=\"_blank\">Radu went on to buy a domain and document his data findings via his blog, which you can read here.<\/a> <\/p>\n<h2>Nothing special about him<\/h2>\n<p>\u00bbWhen I think about it, I didn\u2019t do anything special. With a bit of knowledge anyone can do these things. 
It just so happened that it was me who stumbled upon this data.\u00ab<\/p>\n<p>A few days later IEEE contacted Radu thanking him for bringing it to their attention, but requested that he take down his information from his website, which they believed was invasive. <\/p>\n<p>\u00bbI was amazed by this, by that time there was already press coverage (<a href=\"node\/%2016417\">including the University Post here<\/a>). There were also requests from the general public wanting passwords, saying things as directly as \u2018can I have the passwords\u2019 to \u2018I have a nice proposition for you\u2019, of course none of this was ever given out.\u00ab<\/p>\n<h2>Privacy at stake, transparency needed<\/h2>\n<p>\u00bbWhat I would like to get across is that I believe it is better to be open, and treat such breaches responsibly. Not only is people&#8217;s privacy at stake, but there is also the opportunity to make more individuals aware of the security concerns surrounding our online identities.\u00ab<\/p>\n<p>\u00bbIt is not clear what the best approach to treat such a breach would be. 
Of course the vulnerable entity, IEEE, should be notified to fix it, but this can be also a lesson to system developers and users as well.\u00ab<\/p>\n<p>\u00bbI strongly believe that it is good if aggregated breached data would be presented in a more meaningful way to users, so people can understand the importance of security, and the amount of information available about them.\u00ab<\/p>\n<p>universitypost@adm.ku.dk<\/p>\n<p><em>Stay in the know about news and events happening in Copenhagen by <a href=\"http:\/\/universitypost.dk\/newsletter\" target=\"_blank\">signing up for the University Post\u2019s weekly newsletter here<\/a>.<\/em><\/p>\n"},{"acf_fc_layout":"ArticleEnd"},{"acf_fc_layout":"OtherStories","headline":"","hand_picked_posts":false,"references":false,"category":false,"theme":false,"number_of_posts":"4","style":"default"}]},"taxonomyData":{"category":[{"term_id":45,"name":"International","slug":"international","term_group":0,"term_taxonomy_id":45,"taxonomy":"category","description":"","parent":0,"count":315,"filter":"raw"}],"post_tag":[],"post_format":[],"expression":[{"term_id":15,"name":"News 
Article","slug":"news_article","term_group":0,"term_taxonomy_id":15,"taxonomy":"expression","description":"","parent":0,"count":11492,"filter":"raw"}],"translation_priority":[]},"featured_media_url":"https:\/\/uniavisen.dk\/wp-content\/uploads\/2012\/10\/radupicture-1280x857.jpg","_links":{"self":[{"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/posts\/15346","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/comments?post=15346"}],"version-history":[{"count":1,"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/posts\/15346\/revisions"}],"predecessor-version":[{"id":35378,"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/posts\/15346\/revisions\/35378"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/media\/15348"}],"wp:attachment":[{"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/media?parent=15346"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/categories?post=15346"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/uniavisen.dk\/en\/wp-json\/wp\/v2\/tags?post=15346"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}