The United Nations suffered a data breach that revealed the details of more than 100,000 UN environmental program staff. In a twist, however, the violation was exposed by ethical hackers.
The discovery was made and revealed today by the ethical hacking and security research group Sakura Samurai, which examined various UN databases after discovering that the intergovernmental organization had a vulnerability disclosure program.
The data breach involved exposed Git directories and Git credentials files in domains affiliated with UNEP and the United Nations International Labor Organization. With these details disclosed, the ethical hackers at Sakura Samurai deleted the contents of the Git files and cloned repositories using git-dumper, a tool for saving a Git repository from a website.
The stored files contained information about trips by UN employees such as ID cards, names, employee groups, justification of the trip, start and end date, approval status, destination and length of stay …