Ethical Hackers Breach U.N., Access 100,000 Private Records

This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.

Complete Story

01/13/2021

Ethical Hackers Breach U.N., Access 100,000 Private Records

Threat Post

Researchers informed organization of a flaw that exposed GitHub credentials through the organization’s vulnerability disclosure program.

Security researchers successfully hacked the United Nations, accessing user credentials and personally identifiable information (PII)–including more than 100,000 private employee and project records—before informing the U.N. about the problem through the organization’s vulnerability disclosure program.

Ethical hackers from the research group Sakura Samurai used a vulnerability in a GitHub directory that exposed WordPress DB and GitHub credentials, allowing access to numerous private records from the U.N.’s Environment Program (UNEP).

Alerts

The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.

more information

Resources

Your electronic library to help in fighting financial fraud for all of our partners.

more information