It is still unknown what server has been breached, but judging by the prevalence of @undp.org email addresses, and the fact that a set of login credentials seems to belong to the administrator (who also has an @undp.org address), it is believed that it was that of the United Nations Development Programme (UNDP).
"The overseer of many atrocities from Rwanda to Darfour to the inaction in Yugoslavia to the creation of the State of Israel and the disposition of the Palestinian people, the UN has become a beast that must be stopped or tamed!" says the group in the introduction of the leak, pointing to the reason behind the hit.
If the dumped data did indeed come from a hacked server and is legitimate and accurate, it would seem that it wasn't encrypted and that there was no minimum mandated length requirement for passwords - all practices that you wouldn't expect from an organization such as the UN.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.