Hackers leak credentials of WHO and Gates Foundation employees

Cyber criminals posted almost 25,000 email addresses and passwords to 4chan and Pastebin

Almost 25,000 email addresses and passwords allegedly belonging to employees of leading health organisations such as the World Health Organisation (WHO) and the US National Institutes of Health (NIH) have been leaked online in what is being described as a “harassment campaign”.

The news comes as WHO reported that it has been forced to double its security resources due to a significant increase in cyber attacks on the organisation since mid-March when the coronavirus moved up to pandemic status.

Director of SITE Intelligence Group Rita Katz told the Washington Post that “Neo-Nazis and white supremacists capitalized on the lists and published them aggressively across their venues (...) calling for a harassment campaign while sharing conspiracy theories about the coronavirus pandemic”.

Other victims of the breach include the Centers for Disease Control and Prevention (CDC), the World Bank, the Gates Foundation and the Wuhan Institute of Virology, who all had their credentials posted to sites such as 4chan and Pastebin.

According to SITE, which was unable to verify whether the email addresses and passwords were authentic, the NIH was the hardest hit by the breach with 9,938 credentials posted online. The CDC had 6,857 credentials leaked, while the list of WHO email addresses and passwords totalled 2,732.

The Gates Foundation and the Wuhan Institute of Virology lost 269 and 21 credentials respectively.

A spokesperson for the NIH said in a statement: “We are always working to ensure optimal cyber safety and security for NIH and take appropriate action to address threats or concerns."

Yvonne Eskenzi, founder of cybersecurity PR agency Eskenzi, told IT Pro that “it’s too early to say if these credentials are old or current”.

“It just highlights the constant and relentless attacks all companies are under but particularly right now the healthcare is seeing a barrage of attacks of ransomware and credential theft,” she said.

“The healthcare sector has the most valuable and sensitive data and we’ve learnt from our cybersecurity clients that the level of attacks has increased dramatically during the COVID-19 crisis, surpassing the financial sector who have always been the first port of call. This is a sickening and tragic development and shows that there are no depths to which the cybercriminals will stoop too.”

Last month, cyber criminals targeted hospitals across Europe in an effort to compromise their computer systems while healthcare workers deal with a dramatic influx of patients due to the coronavirus outbreak.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Phishing emails target victims with fake vaccine passport offer
cyber crime

Phishing emails target victims with fake vaccine passport offer

21 Sep 2021
Oracle teams with Oxford University for rapid detection of COVID-19 variants
data processing

Oracle teams with Oxford University for rapid detection of COVID-19 variants

20 Sep 2021
The IT Pro Podcast: Digital stagnation in a post-COVID world
digital transformation

The IT Pro Podcast: Digital stagnation in a post-COVID world

27 Aug 2021
Podcast transcript: Digital stagnation in a post-COVID world
digital transformation

Podcast transcript: Digital stagnation in a post-COVID world

27 Aug 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021