Security News > 2020 > January > U.N. Hack Stemmed From Microsoft SharePoint Flaw

According to the confidential document, at least 42 U.N. servers were compromised in Geneva and Vienna, potentially exposing staff personnel data and sensitive documents for other organizations collaborating with the U.N. "Although it is unclear what documents and data the hackers obtained in the 2019 incident, the report implies that internal documents, databases, emails, commercial information and personal data may have been available to the intruders - sensitive data that could have far-reaching repercussions for staff, individuals and organisations communicating with and doing business with the U.N.," Ben Parker, with The New Humanitarian, said on Wednesday.

Servers in three separate locations were compromised: the U.N. office at Vienna; the U.N. office at Geneva; and the U.N. Office of the High Commissioner for Human Rights headquarters, also in Geneva.

The hack also impacted the U.N. human rights office, which collects data that's used for exposing human rights abuses.

The document also reportedly suggests the hack most seriously affected the U.N.'s office in Geneva, which includes 1,600 staff working in a range of political and development units, including those focused on Syrian peace talks, the humanitarian coordination office and the Economic Commission for Europe.

"No matter what exactly was exposed, the decision not to notify all the people or organizations whose data may have been compromised - including U.N. staff - risks damaging trust in the U.N. as an institution, and so its effectiveness, according to human rights and privacy analysts."

News URL

https://threatpost.com/un-hack-microsoft-sharepoint-flaw/152378/