Cybercriminals have posted nearly 25,000 email addresses and passwords belonging to the World Health Organization, National Institutes of Health, the Gates Foundation, and other health groups working to fight the coronavirus crisis. The data breach was reported by the SITE Intelligence Group, which monitors terrorists and extremists groups online.
SITE was unable to verify whether the credentials were real, but it said that the information, which was exposed online Sunday and Monday, was being used to hack and harass employees of the mentioned organizations. According to cybersecurity expert Robert Potter, the WHO email addresses and passwords were authentic.
It's unclear where the list of credentials originated, but it appears to have been posted first on text storage site Pastebin. The list then appeared on 4chan, a message board known for its extreme and hateful political commentary, and later on Twitter then on Telegram's far-right extremist channels.
"Neo-Nazis and white supremacists capitalized on the lists and published them aggressively across their venues," said Rita Katz, SITE's executive director. "Using the data, far-right extremists were calling for a harassment campaign while sharing conspiracy theories about the coronavirus pandemic. The distribution of these alleged email credentials was just another part of a months-long initiative across the far right to weaponize the COVID-19 pandemic."
SITE's report indicated that the NIH makes up the largest group of stolen emails and passwords, with nearly 10,000 found posted online. The Centers for Disease Control and Prevention comes second, with 6,857. The World Bank has 5,120, and WHO emails and passwords totaled 2,732.
In a statement on Wednesday, WHO confirmed that the credentials were authentic and cited a greater number of affected individuals, which the organization said was actually 6,835. However, WHO said that only 457 of those were valid and active and none of the emails were compromised. It has also advised its employees to reset the passwords of the exposed emails.
Some right-wing groups have questioned the science around the coronavirus pandemic, and according to Graphika - a service that uses AI to study social media misinformation - they have played a disproportionate role in spreading fake news about the virus.
Meanwhile, Twitter said it's doing bulk removals of URLs that attempt to spread the data. The affected health organizations are launching their respective investigations, which were likely from old hack attacks. Cybersecurity experts recommend tightening their security as malicious actors continue to take advantage of the current health crisis for their gain.
