Want CNET to notify you of price drops and the latest stories?

Leaked WHO, CDC passwords likely spread by US conspiracy theorist, report says

The email login information appears to be from breached data first put online in 2016.

Laura Hautala
Laura Hautala
Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
2 min read

SITE Intelligence Group said Wednesday that it believes the person who shared public health workers' passwords also ran social media accounts promoting conspiracy theories about the coronavirus.

James Martin/CNET

A person in the US who's promoted conspiracy theories is likely the source of nearly 25,000 leaked email addresses and passwords for employees of public health organizations helping fight the novel coronavirus, according to a report Wednesday. SITE Intelligence Group, an organization that tracks extremist activity around the world, said it couldn't identify the person, but that the addresses and passwords appeared to come from breached data first posted on the internet in 2016, according to The Washington Post.

SITE didn't immediately respond to a request for comment. The organization reported the leaked data earlier this month. The affected public health organizations included the World Health Organization, the Centers for Disease Control and Prevention, the National Institutes of Health and the Bill & Melinda Gates Foundation.

The data appears to come from a larger set of breached information, SITE reportedly said. Such data sets are often compiled from several data breaches and then posted and reposted for years on dark corners of the internet. This makes it difficult to know how current leaked data is, or which company or organization it came from, when it surfaces online. Attackers will often try breached passwords on several websites to try to log in. If people have reused a password for multiple accounts, they're vulnerable to getting breached by these attacks, as happened when hackers logged in to Ring cameras in peoples' homes in December.

After the initial report about the leaked passwords, WHO said it had seen a spike in attempted hacks on its employees, as well as fraudulent emails sent by hackers posing as WHO employees. The leaked password information affected only one older system at the WHO, the organization said. The Bill & Melinda Gates Foundation said it was monitoring the situation but that it didn't believe this was the result of a breach of its systems. The NIH said cybersecurity is a priority in the organization. The CDC didn't respond to a request for comment.

SITE's assessment that the data came from someone in the US is based on the discovery of multiple linked social media accounts connected to the poster, according to the Post. The accounts shared views that the coronavirus pandemic was being exaggerated by public health groups and the media.

"In line with these views, the uploader sought to encourage other users to log into the email addresses to uncover these perceived lies and secrets," Rita Katz, executive director of SITE, told the Post.

Watch this: Coronavirus drug shows 'clear-cut' evidence of faster recovery, Dr. Fauci says

Our new reality now that coronavirus has sent the world online

See all photos