The world’s largest professional organization of engineers exposed nearly 100,000 passwords of its members on a publicly available server, a computer scientist in Denmark reported today. But many of the eggheaded engineers had passwords just as obvious and insecure as the rest of us.
The Institute of Electrical and Electronics Engineers just confirmed the incident in an email to me, apologizing for the breach and saying “the issue has been addressed and resolved.” Radu Dragusin, the programmer who first discovered the exposed passwords, usernames, and other information, published a fascinating analysis of the data at ieeelog.com, including some maps of IEEE’s far-flung members. But I fixated on his list of the most common passwords:
There’s an argument to be made that certain passwords, like those you might use to log into a professional organization’s website, shouldn’t be as secure as, say, an email password. An engineer using “123456” to log into the IEEE’s website may look silly but probably doesn’t have to worry about their more important accounts, which should have stronger passwords. Still, “password” and “abcd1234″ are generally inadvisable passwords, no matter what. And it’s striking that the most popular passwords among these engineers are similar to a larger set of passwords from Yahoo users that were exposed this summer.