12 January 2021

United Nations data breach exposed over 100K employee records


Security researchers at Sakura Samurai have discovered a vulnerability affecting United Nations systems that gave them access to over 100,000 personal records and credentials belonging to U.N. employees.

The research team discovered the exposure while looking for security issues to report to the UN under its vulnerability disclosure program. During their analysis the researchers found an exposed subdomain belonging to the International Labour Organization (ILO), a UN body, that was leaking the contents of its .git directory, including Git credentials. Using these credentials the team was able to take over a legacy MySQL database and a survey management platform belonging to the ILO. The credentials were exfiltrated with the help of the git-dumper tool.

While the MySQL database and the survey management platform were largely abandoned and contained hardly anything of use, the researchers found a subdomain of the United Nations Environment Programme (UNEP) that was also leaking GitHub credentials.

“Ultimately, once we discovered the GitHub credentials, we were able to download a lot of private password-protected GitHub projects and within the projects we found multiple sets of database and application credentials for the UNEP production environment. In total, we found 7 additional credential-pairs which could have resulted in unauthorized access of multiple databases,” the researchers said.

In total, the team found over 100,000 employee records including names, ID numbers, gender, pay grade, records of travel details, work sub-areas and departments, evaluation reports and funding source records.

The researchers told Bleeping Computer that they contacted the U.N. about the issue on January 4, 2021, and that the vulnerability was patched within a week.
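The root cause in both cases was a web-served .git directory whose config carried credentials. The following self-audit is an added example, not code from the article or from Sakura Samurai: it checks whether a host you administer serves a plausible /.git/HEAD and, if so, whether the remote URLs in /.git/config embed a username and password. The hostname and the sample config are constructed.

```python
"""Self-audit for an exposed .git directory on a web host you administer,
plus a check for credentials embedded in the remote URLs of its config."""
import re
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# A real .git/HEAD is either a symbolic ref or a bare 40-hex commit id;
# a 200 that carries an HTML error page or a listing does not qualify.
_HEAD_RE = re.compile(rb"^(ref: refs/\S+|[0-9a-f]{40})\s*$")
# 'url = ...' lines in .git/config (remotes, submodules).
_REMOTE_URL_RE = re.compile(r"^\s*url\s*=\s*(\S+)", re.MULTILINE)


def looks_like_git_head(body: bytes) -> bool:
    """True if an HTTP response body is a plausible .git/HEAD file."""
    return _HEAD_RE.match(body.strip()) is not None


def credentialed_remotes(config_text: str) -> list:
    """Return remote URLs whose userinfo carries a password, with the
    password redacted so the audit report itself does not leak it."""
    found = []
    for url in _REMOTE_URL_RE.findall(config_text):
        parts = urlsplit(url)  # scp-style git@host:repo has no userinfo here
        if parts.username is not None and parts.password is not None:
            found.append(url.replace(f":{parts.password}@", ":***@", 1))
    return found


def check_host(base_url: str, timeout: float = 5.0) -> dict:
    """Fetch /.git/HEAD and /.git/config from base_url and report exposure."""
    base = base_url.rstrip("/")
    result = {"head_exposed": False, "credentialed_remotes": []}
    try:
        with urllib.request.urlopen(base + "/.git/HEAD", timeout=timeout) as r:
            result["head_exposed"] = looks_like_git_head(r.read(512))
        if result["head_exposed"]:
            with urllib.request.urlopen(base + "/.git/config", timeout=timeout) as r:
                text = r.read(65536).decode("utf-8", "replace")
                result["credentialed_remotes"] = credentialed_remotes(text)
    except (urllib.error.URLError, OSError):
        pass  # 404 or unreachable: nothing exposed that we can see
    return result


if __name__ == "__main__":
    # Constructed sample of a leaked .git/config with a credentialed remote.
    SAMPLE_CONFIG = ('[remote "origin"]\n'
                     '\turl = https://deploy-user:s3cret-token@github.example/org/app.git\n')
    print(credentialed_remotes(SAMPLE_CONFIG))
    print(check_host("https://www.example.invalid"))  # placeholder host
```

A finding from check_host means the web server should deny requests under /.git (and similar dotfile directories) and every credential in the config should be rotated, since git-dumper-style tools reconstruct the whole repository from the same files.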
