Leaked WHO user credentials resurface on popular trading forum

Email addresses and passwords of 6835 WHO employees resurface on Nulled. These credentials were also posted on Pastebin, last month.
Updated on
April 19, 2023
Published on
May 14, 2020
Read MINUTES
5
Subscribe to the latest industry news, threats and resources.
CloudSEK researchers discovered the World Health Organization’s user credentials exposed on a renowned forum board that trades hacked/ leaked data, Nulled. The database contains credentials of over 6800 users. The same database was leaked on Pastebin, in April and the incident was widely reported in the media.
Montiii Nulled
Nulled profile of “Montiii”
SITE Intelligence Group, an organization that tracks online terrorist groups and extremists, had reported the data breach attack that targeted organizations attempting to fight the spread of Coronavirus. About 25,000 credentials that allegedly belong to NIH, WHO, the Gates Foundation among other organizations, were posted on an online, temporary text storage website, Postbin. Later, the link to this data was published on the imageboard website, 4chan, Twitter, and various channels on Telegram. Although it could not be verified whether the leaked credentials belonged to these organizations, an Australian cybersecurity expert had confirmed that the email addresses and passwords related to WHO, were real. WHO confirmed this, but was quick to add that 6835 user credentials were compromised in the incident, a number higher than what SITE had stated. All the active and valid passwords were reset consequently, which renders the database obsolete. However, the database has re-emerged on Nulled and was posted by a registered user, who goes by the name “Montiii.” With 3 points of reputation on Nulled, he is an active user on the forum. Earlier this month, “Montiii” published a link to the database, which was posted on yet another online text storage site, Throwbin, and subsequently removed the same on the 5th of May, 2020.
redacted Throwbin
User credentials on Throwbin

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Dashboard mockup
Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.
Trusted by 400+ Top organisations