BreachExchange mailing list archives
WHO, Gates Foundation Credentials Dumped Online: Report
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 24 Apr 2020 09:10:06 -0500
https://www.databreachtoday.com/who-gates-foundation-credentials-dumped-online-report-a-14167

About 25,000 email addresses and passwords that are apparently for staff at the World Health Organization, the Gates Foundation, the U.S. National Institutes of Health and other organizations have been dumped online, according to the Washington Post.

Credentials that appear to be for the U.S. Centers for Disease Control and Prevention, the World Bank and the Wuhan Institute of Virology in China were also dumped, the Post reports.

The list was first spotted online by the SITE Intelligence Group, which says it tracks the activities of terrorists and extremists. The organization then shared the information with the Post.

This list of credentials, which was circulated online starting earlier this week, is being used by extremists to hack into the accounts and harass those working at the organizations, says Rita Katz, SITE's executive director. The organization has been tracking the activities of these groups in chatrooms and online venues, she told the Post.

It's not clear where the list came from, how it was compiled, or who posted it online. But Vice reports that it was able to verify that some of the email addresses and passwords worked. The credentials could have been obtained via previous data breaches or leaks, according to Vice.

Katz told the Post that some far-right groups have been targeting organizations working on a vaccine and other healthcare initiatives related to COVID-19.

Rita Katz (@Rita_Katz), 10:00 AM - Apr 21, 2020:
1) BREAKING: Prominent Neo-Nazis group disseminating allegedly "hacked" emails from @gatesfoundation & @WHO, two partner orgs at front of #coronavirus fight. Data posted first to chan board & pasting site. @siteintelgroup/@SITE_CYBER currently investigating. [THREAD]

The list of email addresses and passwords appears to have been first posted on 4chan, an anonymous online forum that is popular with some far-right groups. From there, the list moved to text-storing site Pastebin as well as Twitter and a far-right channel on the messaging app Telegram, according to the Post.

Only Some Credentials Valid

In a statement provided to Information Security Media Group, the World Health Organization says that of the approximately 2,700 WHO email addresses being circulated online, 457 were valid and active.

"As a precaution, passwords have now been reset for the 457 users whose email addresses were exposed," according to the statement.

Robert Potter, a cybersecurity researcher who is CEO of the Australian company Internet 2.0, wrote on Twitter that he was also able to confirm the authenticity of some of the WHO email addresses, and that hackers appeared to have dumped the credentials to encourage others to conduct a larger breach of the organization.

Kent Liu (@_mrkent), Apr 21, 2020, replying to @rpotter_9:
When did you verify those passwords worked? Do you believe hackers got any new info since covid outbreak?

Robert Potter (@rpotter_9), 6:48 AM - Apr 22, 2020:
The attackers dumped the passwords to encourage a breach not because they themselves caused one. This is the cyber equivalent of chumming the water.

A Gates Foundation spokesperson tells ISMG: "We are monitoring the situation in line with our data security practices. We don't currently have an indication of a data breach at the foundation."

A spokesperson for the National Institutes of Health declined to comment on the report. The CDC and World Bank could not be immediately reached for comment.
*** Update (April 23, 2020): Cybersecurity reporters Nicole Perlroth of the New York Times, and Steve Ragan, said they found that at least a significant number of the dumped credentials are old, and harvested from previous data breaches.

Nicole Perlroth (@nicoleperlroth):
For those asking how you date/vet dumps: Most time consuming is matching dumped credentials with the dates orgs put password requirements in place, which dated them back years. Also @SteveD3 and I ran them through haveibeenpwned which showed signif. overlap with older breaches. https://twitter.com/nicoleperlroth/status/1252819365772197894 …

Nicole Perlroth (@nicoleperlroth), 5:31 PM - Apr 22, 2020:
I spent the vast majority of my day confirming the dumped usernames and passwords from WHO, Gates Foundation and NIH are from old, dated breaches of other companies. Someone went through all this trouble to pull their credentials off dumps from other hacks (1/3)