Browse archive

Latest news

Targeted data stealing attacks using fake attachments

A look into the EC Council hack

New Mac spyware signed with legitimate Apple Developer ID

Ransomware adds password stealing to its arsenal

"Get free followers" scam targets Instagram users

Thoughts on the need for anonymity

Four LulzSec hackers handed prison sentences

The New Yorker launches anonymous dead-drop tool

Researchers reveal OpUSA attackers' MO

Info-stealing Dorkbot worm spreading on Facebook

Review: The Hacker's Guide to OS X

Private messages of Bloomberg clients end up online

IT security jobs: What's in demand and how to meet it

Hacking charge stations for electric cars

1000+ UN emails, usernames and passwords leaked

Posted on 29 November 2011.

A group of hackers that go by the name of "Teamp0ison" has apparently hacked one (or more) of UN's servers and dumped over 1000 email addresses, usernames and passwords of its staff on Pastebin.

It is still unknown what server has been breached, but judging by the prevalence of @undp.org email addresses, and the fact that a set of login credentials seems to belong to the administrator (who also has an @undp.org address), it is believed that it was that of the United Nations Development Programme (UNDP).

"The overseer of many atrocities from Rwanda to Darfour to the inaction in Yugoslavia to the creation of the State of Israel and the disposition of the Palestinian people, the UN has become a beast that must be stopped or tamed!" says the group in the introduction of the leak, pointing to the reason behind the hit.

If the dumped data did indeed come from a hacked server and is legitimate and accurate, it would seem that it wasn't encrypted and that there was no minimum mandated length requirement for passwords - all practices that you wouldn't expect from an organization such as the UN.