Misconfigured UN Database Exposes 228GB of Gender Violence Victims’ Information

A cybersecurity researcher found a large data leak exposing over 115,000 sensitive documents related to the UN Trust Fund to End Violence against Women. The leaked data includes personal information, financial records, and victim testimonies, posing a serious risk to privacy and safety.

Cybersecurity researcher Jeremiah Fowler discovered a misconfigured database affecting the United Nations (UN) Trust Fund to End Violence against Women. According to Fowler’s report on the investigation, shared with Hackread.com, the exposed database was unsecured and not protected by a password or any other security authentication, making it easily accessible to anyone with an internet connection.

The database contained over 115,000 records and 228 GB of sensitive data, including financial reports, staff documents, email addresses, contracts, and personal information of victims and charity workers in PDF, .XML, .JPG, and PNG formats.

The leaked documents revealed a range of confidential information, such as:

  • Staff information: Names, tax data, salary information, and job roles
  • Victim information: Names, email addresses, and personal experiences
  • Financial details: Bank account information, audits, and financial reports
  • Organizational docs: Contracts, certifications, and registration documents

The records referred to UN Women and the UN Trust Fund to End Violence against Women, with reference letters, UN logos, and file names indicating their affiliation.

Screenshot from the exposed data (via Jeremiah Fowler)

“Although the records indicated the files belonged to the UN Women agency, it is not known if they owned and managed the non-password-protected database or if it was under the control of a third-party contractor.”

Jeremiah Fowler

This breach poses a serious risk to the privacy and safety of those involved in the organization’s efforts to combat gender-based violence. The exposed data could potentially be used by malicious actors to target individuals and organizations associated with the UN Trust Fund.

For example, criminals can launch phishing attacks, identity theft, or blackmail attempts. The information exposed could be used for various malicious purposes, including identity theft, fraud, targeted phishing attacks, blackmail, extortion of funds from the UN Trust Fund, and harassment.

Victims, charity workers, and UN staff could be targeted to steal their identities, commit fraud, blackmail, or extort money from the UN Trust Fund. The breach also poses a security risk to vulnerable populations, which the UN Trust Fund is working to protect, as the exposure of personal information could lead to further harm or exploitation.

Moreover, exposed internal documents “could potentially provide criminals with insights into how the organizations operate, their key management, financial structures, and other details that may not have been intended to be public,” Fowler noted.

It’s unclear who was managing the database, how it was left unprotected, and for how long it remained exposed. The good news is that UN Women secured the database after receiving a responsible disclosure notice from Fowler. The organization has also issued a scam alert and is working to mitigate the risks associated with the data exposure and to ensure that similar incidents don’t occur in the future.

However, this incident highlights the importance of robust cybersecurity measures to protect sensitive data, especially in the context of humanitarian organizations working in vulnerable areas.
