It seems that the U.N. can join the list of hacked companies and organizations. The United Nations data breach leaked passwords and other sensitive data to the entire internet (via The Intercept).
United Nations Data Breach
It turns out that the U.N. misconfigured apps it uses like Trello, Jira, and Google Docs. Security researcher Kushagra Pathak found the breach about a month ago and notified the U.N. In a chat with The Intercept Mr. Pathak says he found the breach by using Google search, which gave him public Trello pages.
Some of the Trello cards contained links to Jira pages, which is an issue tracking app, and Google Docs, some of which had plaintext passwords. Mr. Pathak is somewhat of a specialist when it comes to public Trello boards, so it’s not unusual for him to find stuff like this.
After the U.N. took down the exposed information, spokesperson Florencia Soto Nino-Martinez said in an email to The Intercept:
Some of the boards listed have communications materials which are not sensitive, while some have outdated information. However, we are reviewing all boards on the list to ensure that no passwords or credentials are shared through this medium. We take security very seriously and have reached out to all staff reminding them of the risks of using a third-party platform to share content and to take the necessary precautions to ensure no sensitive content is public.