It is still unknown what server has been breached, but judging by the prevalence of @undp.org email addresses, and the fact that a set of login credentials seems to belong to the administrator (who also has an @undp.org address), it is believed that it was that of the United Nations Development Programme (UNDP).
"The overseer of many atrocities from Rwanda to Darfour to the inaction in Yugoslavia to the creation of the State of Israel and the disposition of the Palestinian people, the UN has become a beast that must be stopped or tamed!" says the group in the introduction of the leak, pointing to the reason behind the hit.
If the dumped data did indeed come from a hacked server and is legitimate and accurate, it would seem that it wasn't encrypted and that there was no minimum mandated length requirement for passwords - all practices that you wouldn't expect from an organization such as the UN.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.