Leaked WHO user credentials resurface on popular trading forum

Email addresses and passwords of 6835 WHO employees resurface on Nulled. These credentials were also posted on Pastebin, last month.

Share this Intel:

CloudSEK researchers discovered the World Health Organization’s user credentials exposed on a renowned forum board that trades hacked/ leaked data, Nulled. The database contains credentials of over 6800 users. The same database was leaked on Pastebin, in April and the incident was widely reported in the media. 

Montiii Nulled
Nulled profile of “Montiii”

SITE Intelligence Group, an organization that tracks online terrorist groups and extremists, had reported the data breach attack that targeted organizations attempting to fight the spread of Coronavirus. About 25,000 credentials that allegedly belong to NIH, WHO, the Gates Foundation among other organizations, were posted on an online, temporary text storage website, Postbin. Later, the link to this data was published on the imageboard website, 4chan, Twitter, and various channels on Telegram. 

Although it could not be verified whether the leaked credentials belonged to these organizations, an Australian cybersecurity expert had confirmed that the email addresses and passwords related to WHO, were real. WHO confirmed this, but was quick to add that 6835 user credentials were compromised in the incident, a number higher than what SITE had stated. All the active and valid passwords were reset consequently, which renders the database obsolete. 

However, the database has re-emerged on Nulled and was posted by a registered user, who goes by the name “Montiii.” With 3 points of reputation on Nulled, he is an active user on the forum. Earlier this month, “Montiii” published a link to the database, which was posted on yet another online text storage site, Throwbin, and subsequently removed the same on the 5th of May, 2020.

redacted Throwbin
User credentials on Throwbin

Be informed about these Threats in your Inbox

Sign up now to our Threat intelligence Newsletter and be the first to know about these threats first in your inbox.