The leak of nearly 25,000 email addresses and passwords for employees of public health organizations may be down to a US-based conspiracy theorist, it has been found. This information was dumped online and spread via Twitter, according to a report published by The Washington Post on Wednesday. After the leak was reported, the WHO said it had seen a spike in attempted hacks on its employees – but asserted that the information involved only affected one older system at the organisation.
The leaked passwords appear to form part of a larger data set, first posted on the internet in 2016. SITE Intelligence Group, an organization that tracks extremist activity around the world, have since suggested that the data may have come from someone in the US, with multiple linked social media accounts sharing views that the coronavirus pandemic was being exaggerated by public health groups and the media.
I would advise all those with a WHO email address to use a unique and complex password to enter their account, and there has never been a better time to update it. Whether you are on the breached list or not, these addresses are highly sought after by criminals around the world and will remain a high target throughout the crisis. Not all attacks are financially motivated, and this suggests some criminals are clearly out to cause as much havoc as possible.
If criminal hackers gain access to even one account, the vast spread of misinformation could spread round the world quicker than ever.