The World Health Organization (WHO) has confirmed reports earlier this week that thousands of staff emails and passwords were leaked online, adding that it has seen a “dramatic increase” in cyber-attacks since the start of the COVID-19 crisis.
Rita Katz, director of SITE Intelligence Group, said earlier this week that suspected Neo-Nazi groups had posted the details online, on platforms including 4chan, Pastebin and Twitter.
This was part of an alleged months-long harassment campaign of staff at the organization and others fighting the pandemic, including the Centers for Disease Control and Prevention, the World Bank, the Gates Foundation and the National Institutes of Health.
In a brief update yesterday, the WHO confirmed that 450 active WHO email addresses and passwords were leaked online, plus thousands belonging to “others” working on COVID-19 response.
Despite describing the log-ins as “active,” it claimed that the credentials didn’t pose a security risk as they were old. However, an “older extranet system” used by current and retired staff and partners was affected, it admitted.
Steps are being taken to improve authentication security on the site, presumably by mandating two-factor authentication or similar.
More generally, the WHO claimed it had seen a dramatic surge not only in attacks aimed at its staff but in phishing emails spoofing its name to trick the general public.
It pointed in particular to scams aimed at soliciting donations to fictitious funds, although there are many others, designed to covertly install malware and harvest credentials.
The number of attacks in general has increased five-times over the number seen during the same period last year, WHO claimed.
“Ensuring the security of health information for member states and the privacy of users interacting with us is a priority for WHO at all times, but also particularly during the COVID-19 pandemic,” said WHO CIO, Bernardo Mariano.
“We are grateful for the alerts we receive from Member States and the private sector. We are all in this fight together.”