Security News > 2020 > April > WHO, CDC and Bill and Melinda Gates Foundation Victims of Credential Dump, Report
Unknown threat actors have allegedly dumped nearly 25,000 email addresses and passwords from notable organizations involved in the fight against the COVID-19 pandemic, including credentials from prominent health organizations.
Hackers have been using information belonging to groups such as World Health Organization, the U.S. Centers for Disease Control and Prevention, the World Bank, the U.S. National Institutes of Health, the Bill and Melinda Gates Foundation and the Wuhan Institute of Virology online in various ways, according to a report by the Washington Post, citing research by the SITE Intelligence Group.
According to their research, about 9,938 email and password combos came from the National Institutes of Health, 6,857 came from the Centers for Disease Control and Prevention, 5,120 came from the World Bank, 2,732 came from the WHO and 269 came from the Gates Foundation.
The WHO so far is the only organization that confirmed the incident, citing a higher number of exposed credentials, 6,835, than had been reported by SITE, according to the report.
"Forty-eight people have 'password' as their password," cybersecurity expert Robert Potter said, according to the report.