Email, Password Details of Nearly 25,000 Employees at WHO, CDC, NIH Dumped Online: Report

It’s unclear whether the alleged credentials were leaked through a breach of official systems or a part of an earlier data breach.

Share on Facebook Tweet Snapchat Share Reddit Comment
Email, Password Details of Nearly 25,000 Employees at WHO, CDC, NIH Dumped Online: Report

Some of the email addresses and passwords have been spread online

Highlights
  • SITE Intelligence Group has found the dumped data
  • Some email addresses and passwords were spread through Twitter
  • WHO has confirmed the incident in a statement

Around 25,000 email addresses and passwords allegedly related to the employees at health organisations the World Health Organization (WHO), the Centers for Disease Control and Prevention (CDC), the National Institutes of Health (NIH), and the Bill & Melinda Gates Foundation among others working to fight the coronavirus outbreak were dumped online, according to a media report. Some unknown activists have also spread the credentials online via Twitter. The new revelation has emerged amid the COVID-19 pandemic that has impacted millions of individuals all across the globe.

SITE Intelligence Group, the non-governmental organisation (NGO) that tracks the online activities of extremist groups, found the dumped data and reported its spread on the Web, according to the Washington Post. There isn't any clarity whether the data was leaked through a breach of official systems or a part of an earlier data breach. The NGO was also not able to verify the authenticity of email addresses and passwords.

However, the group did reportedly mention that some hacks were attempted almost immediately after receiving the information on Sunday and Monday this week. The paper also quoted an Australian cyber-security expert who was able to verify the WHO email addresses and passwords and said that the alleged data might have been purchased from some dark Web vendors.

Some credentials, whose origins weren't clear, were initially posted to text storage portal Pastebin. A link to that data was also reportedly made public on Twitter and some far-right extremist channels on Telegram.

The group reportedly said that the largest group of purported data was from the NIH, with over 9,900 accounts found on online listings. That was followed by the alleged emails and passwords from the CDC and WHO.

“We are always working to ensure optimal cyber safety and security for NIH and take appropriate action to address threats or concerns. We do not comment on specific cyber-security matters, as such such information could be used to undertake malicious activities,” the NIH said in a statement issued pertaining to the matter, as quoted by the paper.

The WHO also released a statement confirming the incident reported by SITE and cited even a higher number of exposed credentials than the 6,835 number mentioned in the report. However, the agency responsible for international public health said that only 457 of the total exposed data were active and valid, and none of those were compromised. It also reset the passwords for the affected users as a precautionary measure.

The Gates Foundation, on the other hand, said that it didn't have an indication of a data breach. “We are monitoring the situation in line with our data security practices,” it said in a separate statement.

Since some data has been spread through Twitter, the microblogging network is taking down the URLs suspected to spread the information online.

“We're aware of this account activity and are taking widespread enforcement action under our rules, specifically our policy on private information,” said Twitter spokeswoman Katie Rosborough.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Jagmeet Singh Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a senior reporter for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13 or Email at jagmeets@ndtv.com. Please send in your leads and tips. More
HP India Offering Free Remote Assistance to PC Users of All Brands During Lockdown
NASA Releases Stunning New Moon Map to Help Future Missions
© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com