Say in ain't so, Joe.[ZeroHedge] A cache of nearly 25,000 email addresses and passwords allegedly belonging to the World Health Organization (WHO), National Institutes of Health (NIH), Wuhan Institute of Virology, Bill Gates Foundation and several other groups involved with the coronavirus pandemic response were dumped on 4chan before appearing on several other websites, according to the SITE Intelligence Group....
WHO chief information officer Bernardo Mariano told Bloomberg that the organization wasn't hacked, and that the data was possibly obtained through prior data breaches.
"The employees may have used their work email address to register an account for a particular website, and then that website has been hacked, leaking their password."
According to Mariano, 400 of the credentials were still active - and he claims that none of the passwords were used to access sensitive information due to the organization's two-factor authentication system. 4chan users, on the other hand, said that they were able to use the passwords to gain access to a WHO website called "Extranet," according to Bloomberg.
Mariano added that the organization has been seeing an increasing number of attempted cyber-intrusions since mid-March, and that there had recently been a "sustained attempt" to hack into the computers of four WHO employees in South Korea, along with the organization's Geneva headquarters.
4chan users said they were using the credentials to download 'everything' they could....
Australian cybersecurity expert Robert Potter said he was able to verify the WHO information, and that "their password security is appalling."
"Forty-eight people have ‘password' as their password," he said. Others used their own first names or "changeme."...
