WHO Emails, Passwords Leaked – Cybersecurity Expert Comments

news release issued by the World Health Organization (WHO) today says this week, some 450 active WHO email addresses and passwords were leaked online along with thousands belonging to others working on the novel coronavirus response. The leaked credentials did not put WHO systems at risk because the data was not recent. However, the attack did impact an older extranet system, used by current and retired staff as well as partners. WHO is now migrating affected systems to a more secure authentication system.

Craig Cooper, COO ,  Gurucul
April 26, 2020
It unfortunately reinforces the need for every organization to secure their systems and data.
At a time when the health of the global population is at risk, it's truly heartbreaking to have to divert resources from saving lives to saving the PII data of WHO staff. It unfortunately reinforces the need for every organization to secure their systems and data on a continuous basis with modern cyber defenses. Machine learning based security analytics gets ahead of bad actors and would have dete ....
Colin Bastable, CEO ,  Lucy Security
April 26, 2020
The common “covid” nature of the organizations targeted strongly suggests that they are old credentials.
These credentials are most likely from earlier data breaches, usually where people have used work emails on compromised third-party sites, hotel bookings, rewards programs, etc. The common “covid” nature of the organizations targeted strongly suggests that they are old credentials that have been bundled to take advantage of the current Wuhan virus crisis. The leaks may also be tied to politica ....
