Around 25,000 email addresses and corresponding passwords
belonging to the World Health Organization (WHO), the Gates Foundation, and a
number of others organizations were leaked online. The source of the leak remains
According to a Washington Post report, the discovery was
made by the SITE Intelligence Group, a non-profit organization that keeps a
close eye on the online activity of white supremacists and jihadist
organizations. As soon as the data appeared online, it was put to use by
various far-right groups.
It’s still unclear where the data leak comes from as none
of the affected organizations acknowledged suffering a data breach. The initial
data was posted on 4chan, via Pastebin, then spread on other online forums.
“Neo-Nazis and white supremacists capitalized on the
lists and published them aggressively across their venues,” said
Rita Katz, SITE’s executive director. “Using the data, far-right extremists
were calling for a harassment campaign while sharing conspiracy theories about
the coronavirus pandemic. The distribution of these alleged email credentials
were just another part of a months-long initiative across the far right to
weaponize the covid-19 pandemic.”
The credentials come from a wide variety of sources,
including the World Bank, the National Institutes of Health, The Centers for
Disease Control and Prevention, and others, all implicated in efforts to curb
the spread of the COVID-19 epidemic.
The online organization that confirmed the incident,
alongside the Gates Foundation, was the World Health Organization, which said
that they had 6,835 exposed credentials, but only 457 were active and still
valid. There was no indication of an exploit, and many of these organizations
have multiple layers of protection, including multi-factor authentication.
Still, the passwords of all affected WHO personnel were reset as a precaution.
Interestingly, just a few weeks ago, a phishing campaign designed to target WHO employees specifically was unveiled. The authorities were aware of the attempts and took the appropriate actions almost immediately, but there was a clear interest in obtaining those credentials.
Here at Bitdefender we focus on protecting your devices from malicious activity and threats of all kinds. Now more than ever, we need autonomy and safety as we interact with the world through our internet-enabled devices. That’s why we have extended the trial for our best security suite, ensuring that you can take care of your family’s devices for up to 90 days. If you’re already set up, why not make an unexpected gift to your loved ones who might not be aware of emerging cyber threats?