Romanian computer scientist Radu Dragusin stumbled across publicly readable uploads on the IEEEs FTP server. The organisation was using its upload server as a drop location for log files. The logs recorded details of nearly 400,000,000 HTTP requests. The log data had been publicly available whether anyone had accessed it or not for at least a month. By 25 September 2012, IEEE had performed a password reset and notified affected users. It’s not just worthwhile to encrypt Personally Identifiable Information (PII) but it’s your moral (and in some jurisdictions, your legal) duty.”]
Source: https://nakedsecurity.sophos.com/2012/09/26/ieee-squirms-after-sensational-security-spill/