
WHO, Gates Foundation Credentials Dumped Online: Report

NIH, CDC, World Bank Among the Other Organizations Apparently Affected

About 25,000 email addresses and passwords that are apparently for staff at the World Health Organization, the Gates Foundation, the U.S. National Institutes of Health and other organizations have been dumped online, according to the Washington Post.

Credentials that appear to be for the U.S. Centers for Disease Control and Prevention, the World Bank and the Wuhan Institute of Virology in China were also dumped, the Post reports. The list was first spotted online by the SITE Intelligence Group, which says it tracks the activities of terrorists and extremists. The organization then shared the information with the Post.


This list of credentials, which was circulated online starting earlier this week, is being used by extremists to hack into the accounts and harass those working at the organizations, says Rita Katz, SITE's executive director. The organization has been tracking the activities of these groups in chatrooms and online venues, she told the Post.

It's not clear where the list came from, how it was compiled, or who posted it online. But Vice reports that it was able to verify that some of the email addresses and passwords worked. The credentials could have been obtained via previous data breaches or leaks, according to Vice.

Katz told the Post that some far-right groups have been targeting organizations working on a vaccine and other healthcare initiatives related to COVID-19.

The list of email addresses and passwords appears to have been first posted on 4chan, an anonymous online forum that is popular with some far-right groups. From there, the list moved to text-storing site Pastebin as well as Twitter and a far-right channel on the messaging app Telegram, according to the Post.

Only Some Credentials Valid

In a statement provided to Information Security Media Group, the World Health Organization says that of the approximately 2,700 WHO email addresses being circulated online, 457 were valid and active. "As a precaution, passwords have now been reset for the 457 users whose email addresses were exposed," according to the statement.

Robert Potter, a cybersecurity researcher who is CEO of the Australian company Internet 2.0, wrote on Twitter that he was also able to confirm the authenticity of some of the WHO email addresses, and that hackers appeared to have dumped the credentials to encourage others to conduct a larger breach of the organization.

A Gates Foundation spokesperson tells ISMG: "We are monitoring the situation in line with our data security practices. We don't currently have an indication of a data breach at the foundation."

A spokesperson for the National Institutes of Health declined to comment on the report. The CDC and World Bank could not be immediately reached for comment.


Update (April 23, 2020): Cybersecurity reporters Nicole Perlroth of the New York Times and Steve Ragan said they found that at least a significant number of the dumped credentials are old and were harvested from previous data breaches.

About the Author

Ishita Chigilli Palli

Senior Correspondent, Global News Desk

As senior correspondent for Information Security Media Group's global news desk, Ishita covers news worldwide. She previously worked at Thomson Reuters, where she specialized in reporting breaking news stories on a variety of topics.
