United Nations Data Breach Leaks Passwords and Other Data

It seems that the U.N. can join the list of hacked companies and organizations. The United Nations data breach leaked passwords and other sensitive data to the entire internet (via The Intercept).

[iPhone Spyware Company mSpy Leaks Customer Data]

United Nations Data Breach

It turns out that the U.N. misconfigured apps it uses like Trello, Jira, and Google Docs. Security researcher Kushagra Pathak found the breach about a month ago and notified the U.N. In a chat with The Intercept Mr. Pathak says he found the breach by using Google search, which gave him public Trello pages.

United Nations logo. United Nations Data Breach Leaks Passwords and Other Data.

Some of the Trello cards contained links to Jira pages, which is an issue tracking app, and Google Docs, some of which had plaintext passwords. Mr. Pathak is somewhat of a specialist when it comes to public Trello boards, so it’s not unusual for him to find stuff like this.

After the U.N. took down the exposed information, spokesperson Florencia Soto Nino-Martinez said in an email to The Intercept:

Some of the boards listed have communications materials which are not sensitive, while some have outdated information. However, we are reviewing all boards on the list to ensure that no passwords or credentials are shared through this medium. We take security very seriously and have reached out to all staff reminding them of the risks of using a third-party platform to share content and to take the necessary precautions to ensure no sensitive content is public.

[MyFitnessPal Data Breach Hits 150 Million Users]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.