The security experts of Sakura Samurai have managed to get access to more than 100,000 personal records and credentials belonging to United Nations representatives in just a few hours.
The breach originated from exposed Git directories and credential files, which allowed the researchers to clone Git repositories and collect a large amount of personally identifiable information (PII) associated with over 100,000 employees.
The researchers who disclosed the issue, Jackson Henry, Nick Sahler, John Jackson, and Aubrey Cottle of Sakura Samurai, came across publicly accessible Git directories (.git) and Git credential files (.git-credentials) on domains associated with the UNEP and the United Nations' International Labour Organization (ILO).
The researchers listed the categories of compromised data (PII) as follows:
- Travel Records (Two Documents: 102,000+ Records)
- HR Nationality Demographics (Two Documents: 7,000+ Records)
- Generalized Employee Records (One document: 1,000+ Records)
- Project and Funding Source Records (One Document: 4,000+ Records)
- Evaluation Reports (One Document: 283 Projects)
According to the researchers, they were also able to take over a SQL database and a survey management platform belonging to the International Labour Organization, both within the scope of the UN's VDP program.
However, the researchers' report states that "the ILO vulnerabilities were of little importance as the Database and Survey Management platform were reasonably dropped in nature, and it carried hardly anything of use."
The researchers first enumerated the subdomains of every domain in scope for the UN's VDP. They then began fuzzing various endpoints with tooling and found that an "ilo.org" subdomain exposed its ".git" contents.
Because of that exposure, the researchers noted that git-dumper would let them dump the project folders hosted on the web application.
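The exposure described above leaves a footprint in web server access logs: requests for paths such as `/.git/HEAD`, `/.git/config`, or `/.git-credentials` that return a 2xx status mean the repository metadata was actually served, while 403/404 responses mean the server blocked or lacked them. The following detection script is an added example written for this article, not code from Sakura Samurai or the UN; the log lines and IP addresses in it are constructed for illustration, and the combined-log regex is an assumption about the log format.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumed Apache/nginx "combined" format:
# ip ident user [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Git metadata that a web server should never serve.
GIT_ARTIFACTS = ("/.git/", "/.git-credentials", "/.gitconfig")


def is_git_artifact_path(path: str) -> bool:
    """True if the requested path points at Git metadata.

    The query string is dropped and percent-encoding is decoded first, so an
    encoded request such as /%2Egit/HEAD is classified the same as /.git/HEAD.
    """
    p = unquote(path.split("?", 1)[0])
    if p.endswith("/.git"):
        return True
    return any(marker in p for marker in GIT_ARTIFACTS)


def scan_access_log(lines):
    """Return probes per source IP and every request where Git metadata was served.

    A 2xx status on a Git artifact path is the real finding: it confirms the
    repository contents were exposed, not merely requested.
    """
    findings = {"exposed": [], "probes": defaultdict(int)}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        if not is_git_artifact_path(m["path"]):
            continue
        findings["probes"][m["ip"]] += 1
        if m["status"].startswith("2"):
            findings["exposed"].append((m["ip"], m["path"], m["status"]))
    return findings


# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [04/Jan/2021:10:00:01 +0000] "GET /.git/HEAD HTTP/1.1" 200 23',
    '203.0.113.5 - - [04/Jan/2021:10:00:02 +0000] "GET /.git/config HTTP/1.1" 200 311',
    '203.0.113.5 - - [04/Jan/2021:10:00:03 +0000] "GET /.git-credentials HTTP/1.1" 200 78',
    '203.0.113.5 - - [04/Jan/2021:10:00:04 +0000] "GET /%2Egit/index HTTP/1.1" 200 1402',
    '198.51.100.9 - - [04/Jan/2021:10:05:00 +0000] "GET /.git/HEAD HTTP/1.1" 403 199',
    '198.51.100.9 - - [04/Jan/2021:10:05:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.77 - - [04/Jan/2021:10:06:00 +0000] "GET /assets/app.js HTTP/1.1" 200 9021',
]


if __name__ == "__main__":
    result = scan_access_log(SAMPLE_LOG)
    for ip, count in sorted(result["probes"].items()):
        print(f"{ip}: {count} request(s) for Git metadata")
    for ip, path, status in result["exposed"]:
        print(f"EXPOSED: {path} served with {status} to {ip}")
```

The distinction the script draws is the one that matters for triage: a spike of 403/404 responses on `/.git/` paths is reconnaissance to note, whereas a single 200 on `/.git/HEAD` or `/.git-credentials` is an incident, because the repository history and any stored credentials are already in someone else's hands.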
The data the group collected included the travel history of UN staff, with fields such as Employee ID, Name, Employee Group, Travel Approval, Start and End Dates, Approval Status, Destination, and Duration of Stay.
The researchers reported the vulnerability privately to the UN on January 4th, 2021. The UN Office of Information and Communications Technology (OICT) acknowledged the report and confirmed the issue.
Thanks to the early report, the United Nations remediated the issue within a week. The UN is still investigating the full extent of the incident to determine whether threat actors obtained any other data.