Passwords for WHO, CDC, Gates Foundation employees reportedly spread online
WHO says the data wasn't recent and affected only one older system.
Laura Hautala, Former Senior Writer
SITE Intelligence Group, which reports on the activities of extremist groups from all over the world, found the data and reported its spread, according to the paper. It's unclear whether the data came from breaches of systems belonging to the affected groups or from earlier data breaches of other systems. An Australian security researcher told the Post that the WHO passwords worked to log into employees' emails. Email and password combinations for people at the Wuhan Institute of Virology, a facility near the Chinese city where the disease was discovered, also circulated online.
The spread of the information comes as the world battles COVID-19, a potentially deadly respiratory disease caused by the novel coronavirus. More than 2.6 million cases of the disease have been confirmed around the world, killing more than 182,000 people, according to Johns Hopkins University.
The WHO said on Thursday that the impact of the data exposure was limited. The data wasn't recent and only impacted one older system, the organization said in a press release. The WHO said it's seen five times as many hacking attempts directed at its staff as last year, as well as high numbers of scam emails aimed at the public and purporting to come from the organization.
"Ensuring the security of health information for Member States and the privacy of users interacting with us is a priority for WHO at all times, but also particularly during the COVID-19 pandemic," said Bernardo Mariano, the agency's chief information officer, in a statement. "We are all in this fight together."
The CDC and the World Bank, which was also reportedly affected, didn't respond to requests for comment. The NIH declined to comment specifically on the incident, but said, "We are always working to ensure optimal cyber safety and security for NIH and take appropriate action to address threats or concerns."
The Gates Foundation said it is monitoring the situation. "We don't currently have an indication of a data breach at the foundation," the organization said in a statement. The Wuhan Institute of Virology didn't respond to a request for comment.
CNET found archived versions of some of the data. According to the Post, a neo-Nazi group has been sharing the information on Twitter and encouraging people to use the data to harass employees of the affected organizations. Twitter said it's doing bulk takedowns of URLs that attempt to spread the data.