WHO confirms credentials leak included staff working on COVID-19 response


The World Health Organization (WHO) said the recent leak of 450 active WHO email addresses and passwords along with credentials of thousands working on the response to the coronavirus pandemic didn’t put the organization’s systems at risk.

Explaining that its systems were largely spared because “the data was not recent,” WHO said in a release that “the attack did impact an older extranet system, used by current and retired staff as well as partners.”

Credentials from WHO, the CDC and Gates Foundation recently started making their way onto the likes of 4chan, Pastebin and Twitter, with the latter taking steps to remove them earlier this week.

“The common ‘covid’ nature of the organizations targeted strongly suggests that they are old credentials that have been bundled to take advantage of” the pandemic, said Lucy Security CEO Colin Bastable, explaining that the credentials likely came from previous breaches where people used work emails on compromised third-party sites like hotel bookings and reward programs.

The global health group’s prominent role in responding to the spread of COVID-19 has made it a prime target for scammers. “The number of cyberattacks is now more than five times the number directed at the Organization in the same period last year,” WHO said. 

“The leaks may also be tied to political hostility to the Gates Foundation’s work on vaccinations and its participation in an October 2019 pandemic wargaming session, Event 201,” Bastable said. “So this ‘leak’ may be a politically motivated action designed to capitalize on the WHO’s woes and [Microsoft founder Bill] Gates’s drive to promote his Foundation’s vaccines combined with tech-based lockdown ‘passports.’”

WHO said it “is now migrating affected systems to a more secure authentication system” and is “working with the private sector to establish more robust internal systems and to strengthen security measures and is educating staff on cybersecurity risks.” 

While Craig Cooper, COO of Gurucul, said “it’s truly heartbreaking to have to divert resources from saving lives to saving PII data of WHO staff” at a time when the health of people around the globe is at risk, he maintained the leak “reinforces the need for every organization to secure their systems and data on a continuous basis with modern cyber defenses.”
