Expert Comments

WHO Emails, Passwords Leaked – Cybersecurity Expert Comments

Expert(s): Security Experts
Expert(s): Security Experts

news release issued by the World Health Organization (WHO) today says this week, some 450 active WHO email addresses and passwords were leaked online along with thousands belonging to others working on the novel coronavirus response. The leaked credentials did not put WHO systems at risk because the data was not recent. However, the attack did impact an older extranet system, used by current and retired staff as well as partners. WHO is now migrating affected systems to a more secure authentication system.

Experts Comments

April 26, 2020
Craig Cooper
COO
Gurucul
At a time when the health of the global population is at risk, it's truly heartbreaking to have to divert resources from saving lives to saving the PII data of WHO staff. It unfortunately reinforces the need for every organization to secure their systems and data on a continuous basis with modern cyber defenses. Machine learning based security analytics gets ahead of bad actors and would have detected the host compromise that impacted the older WHO system. Monitoring network and host behaviors.....Read More
At a time when the health of the global population is at risk, it's truly heartbreaking to have to divert resources from saving lives to saving the PII data of WHO staff. It unfortunately reinforces the need for every organization to secure their systems and data on a continuous basis with modern cyber defenses. Machine learning based security analytics gets ahead of bad actors and would have detected the host compromise that impacted the older WHO system. Monitoring network and host behaviors in real-time is the most effective way to detect anomalous activity indicative of cyberattacks before criminals can gain a foothold to then exfiltrate data.  Read Less
April 26, 2020
Colin Bastable
CEO
Lucy Security
These credentials are most likely from earlier data breaches, usually where people have used work emails on compromised third-party sites, hotel bookings, rewards programs, etc. The common “covid” nature of the organizations targeted strongly suggests that they are old credentials that have been bundled to take advantage of the current Wuhan virus crisis. The leaks may also be tied to political hostility to the Gates Foundation’s work on vaccinations and its participation in an October.....Read More
These credentials are most likely from earlier data breaches, usually where people have used work emails on compromised third-party sites, hotel bookings, rewards programs, etc. The common “covid” nature of the organizations targeted strongly suggests that they are old credentials that have been bundled to take advantage of the current Wuhan virus crisis. The leaks may also be tied to political hostility to the Gates Foundation’s work on vaccinations and its participation in an October 2019 pandemic wargaming session, Event 201. So this “leak” may be a politically-motivated action designed to capitalize on the WHO’s woes and Gates drive to promote his Foundation’s vaccines combined with tech-based lockdown “passports.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

Planned Parenthood LA breached, Experts Weigh In

Data Security Comment: Colorado Energy Company Loses 25 Years Of...

Colorado Energy Company DMEA Loses 25 Years Of Data After...

Governemnt Data Breach Of New Years Honours Recipients

New Malvertising Campaign Spreads Backdoors, Malicious Chrome Extensions

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Data Hacked For 400,000 LA Patients

IKEA Suffering Ongoing “Reply-Chain” Email Attack

Cybersecurity Expert Reaction On UK’s Financial Regulator Scraps 90-day Authentication...

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts