Hackers have leaked a list of nearly 25,000 email addresses and passwords allegedly belonging to the National Institutes of Health, the World Health Organisation (WHO), the Gates Foundation and other groups engaged in combatting the global Covid-19 pandemic, the Washington Post reported on Thursday.
The email addresses and passwords have been leaked online by unknown activists as per SITE Intelligence Group, which monitors online extremism and terrorist groups.
SITE was, however, unable to verify the authenticity of said emails and passwords
That had been released Sunday and Monday. The authenticity of the emails and passwords belonging to the WHO had been verified by an Australian cybersecurity expert, Robert Potter who said that they belonged to an earlier hacking attempt.
“The WHO list is genuine but it appears to be from an earlier attack. Healthcare agencies, in particular, are traditionally quite bad at cybersecurity,” Potter had tweeted.
The credentials had immediately been leveraged by far-right extremists to launch hacking and harassment attempts, the report said.
The credentials had most likely been leaked on Pastebin, a text storage site initially. A link to the post had then been shared on the notorious message board 4chan. The platform is infamous for hateful and extreme political commentary by users. The information was later released on Twitter where excerpts had been shared by multiple Twitter users. The information had also been shared on far-right extremist channels on Telegram, it said.
According to the report by SITE, the maximum number of credentials - 9,938 based on the lists found online belonged to the NIH while 6857 credentials were for the Centers for Disease Control and Prevention. The World Bank had 5,120 credentials leaked. The list of credentials belonging to the WHO totalled 2,732. Email IDs belonging to the Gates Foundation had also been listed.