However, the biggest problem has been with the deletion of user files located in the C:/Users/[username]/Documents/ folder.
First off, the original mail went to 13,000 users. Assuming that 1,000 of those 13,000 users replied, that means that there are 1,000 replies being sent to those 13,000 users. And it turns out that a number of these people had their email client set to request read receipts and delivery receipts. Each read and delivery receipt causes ANOTHER email to be sent from the recipient back to the sender (all 13,000 recipients). Assuming that 20% of the 1,000 users replying had read receipts or delivery receipts set, that meant that every one of the message that they sent caused another message to be sent for every one of the 13,000 recipients. So how many messages were sent?
Source: Me Too! – You Had Me At EHLO…
The files contain information on over 120,000 offshore entities — including shell corporations and legal structures known as trusts — involving people in over 170 countries. The leak amounts to 260 gigabytes of data, or 162 times larger than the U.S. State Department cables published by WikiLeaks in 2010.
NASA spokesman Josh Byerly said something went wrong around 9:45 a.m. EST Tuesday during a computer software update on the station. The outpost abruptly lost all communication, voice and command from Houston.
“It is certainly unfortunate this information was leaked out, and who knows who got it before it got fixed,” Dragusin wrote. Elsewhere in the post he said: “If leaving an FTP directory containing 100GB worth of logs publicly open could be a simple mistake in setting access permissions, keeping both usernames and passwords in plaintext is much more troublesome.”
Update: An IEEE spokeswoman emailed the following statement: “IEEE has become aware of an incident regarding inadvertent access to unencrypted log files containing user IDs and passwords. We have conducted a thorough investigation and the issue has been addressed and resolved.
Of all groups that have membership websites which store passwords, IEEE would be the last on a list I would suspect to have something like this happen.
Our editorial team and content monitors almost immediately noticed a flood of livid Twitter messages about the ban and attempted to restore the broadcast. Unfortunately, we were not able to lift the ban before the broadcast ended. We had many unhappy viewers as a result, and for that I am truly sorry.
When you deploy on Amazon Web Services with Elastic Load Balancers, you need to assume that random (untrusted) sources are reading client requests to your server (inbound traffic).