Updated: May 4
Internet 2.0, working in conjunction with relevant authorities, has confirmed that the credentials associated with the World Health Organization were dumped online by an unknown attacker.
Washington Post covered the story in today's release
April 22, 2020 at 10:56 a.m. GMT+10
“Their password security is appalling,” Potter said of the WHO. “Forty-eight people have ‘password’ as their password.” Others, he said, had used their own first names or “changeme.” Potter said the alleged email addresses and passwords may have been purchased from vendors on the dark Web, a portion of the Internet that is not indexed by most search engines and where hacked information often is posted for sale. He said the WHO credentials appear to have come from a hack in 2016." We were able to quickly confirm that the credentials were from an earlier attack, dating to as early to as 2016. However, many of the usernames and passwords were still valid credentials. However, as this information is now widespread, a significant number of attackers were likely able to login.
Image: A World Health Organization building in Geneva. (Denis Balibouse/Reuters)