Security Researchers Gained Access to Git Repositories of the United Nations

Security researchers from Sakura Samurai obtained more than 100,000 personal records, along with credentials, belonging to United Nations staff in only a few hours.

The exposure originated from Git directories and Git credential files left reachable over the web. These let the researchers clone the repositories and collect a large volume of personally identifiable information (PII): more than 100,000 records relating to UN staff.

The Sakura Samurai researchers who disclosed the issue, Jackson Henry, Nick Sahler, John Jackson, and Aubrey Cottle, found exposed Git directories (.git) and Git credential files (.git-credentials) on domains associated with the UN Environment Programme (UNEP) and the United Nations' International Labour Organization (ILO).

Data Compromised

The researchers listed the categories of compromised data (PII) as follows:

  • Travel Records (Two Documents: 102,000+ Records)
  • HR Nationality Demographics (Two Documents: 7,000+ Records)
  • Generalized Employee Records (One document: 1,000+ Records)
  • Project and Funding Source Records (One Document: 4,000+ Records)
  • Evaluation Reports (One Document: 283 Projects)

Technical Evaluation

According to the researchers, they were also able to take over a SQL database and a survey management platform belonging to the International Labour Organization, both within the scope of the UN's vulnerability disclosure program (VDP).

The report the researchers published notes, however, that "the ILO vulnerabilities were of little importance as the Database and Survey Management platform were reasonably dropped in nature, and it carried hardly anything of use."

The researchers first enumerated the subdomains of every domain in scope for the UN's VDP. They then fuzzed endpoints across those hosts with their tooling and found that an "ilo.org" subdomain was serving the contents of its ".git" directory.

An exposed .git directory is enough to reconstruct the repository it belongs to, so the researchers used git-dumper to download the exposed objects and rebuild the project folders hosted on the web application.
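The two steps described above, detecting an exposed .git directory and triaging a leaked .git-credentials file, are shown below as an added example. This is not Sakura Samurai's tooling and not git-dumper; the host names and HTTP responses are constructed for the demonstration, and the fetch function is injected so the script runs offline. It also covers one failure mode the prose does not mention: hosts that answer every path with HTTP 200, which make a status-code-only check report a false positive.

```python
"""Probe for an exposed .git directory and triage a leaked .git-credentials file.
Added example for this article; not the researchers' code and not git-dumper.
All hosts and responses below are constructed sample data, not real UN data."""
from __future__ import annotations

import re
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import unquote, urlsplit

# A real HEAD file is either a symbolic ref ("ref: refs/heads/main") or a bare
# object id. Anything else, such as an HTML "not found" page served with 200,
# is not git, so HEAD is validated by content rather than by status code.
_HEAD_RE = re.compile(r"\A(ref: refs/[^\s]+|[0-9a-f]{40}|[0-9a-f]{64})\s*\Z")

# Paths requested once HEAD checks out. .git-credentials normally lives in the
# user's home directory; it leaks when that directory doubles as the web root.
PROBE_PATHS = ("/.git/HEAD", "/.git/config", "/.git-credentials")

# fetch(url) -> (status, body), or None if the request failed.
Fetch = Callable[[str], Optional[Tuple[int, str]]]


def looks_like_git_head(body: str) -> bool:
    """True only for a body that is an actual git HEAD file."""
    return bool(_HEAD_RE.match(body))


def parse_git_credentials(text: str) -> List[Dict[str, object]]:
    """Parse git's plaintext credential-store format: one
    scheme://user:secret@host[/path] per line. The secret itself is never
    returned, only its length and a short prefix (enough to tell the token type)."""
    entries: List[Dict[str, object]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = urlsplit(line)
        if not parts.hostname or parts.username is None or parts.password is None:
            continue
        secret = unquote(parts.password)
        entries.append({
            "host": parts.hostname,
            "user": unquote(parts.username),
            "secret_len": len(secret),
            "secret_prefix": secret[:4],
        })
    return entries


def probe_git_exposure(base_url: str, fetch: Fetch) -> Dict[str, list]:
    """Report which git artefacts base_url serves and any credentials found.
    Returns {"exposed": [paths], "credentials": [parsed entries]}."""
    result: Dict[str, list] = {"exposed": [], "credentials": []}
    head = fetch(base_url + PROBE_PATHS[0])
    if not head or head[0] != 200 or not looks_like_git_head(head[1]):
        return result  # no real HEAD file: nothing to dump, even if status was 200
    result["exposed"].append(PROBE_PATHS[0])
    for path in PROBE_PATHS[1:]:
        resp = fetch(base_url + path)
        if resp and resp[0] == 200 and resp[1].strip():
            result["exposed"].append(path)
            if path == "/.git-credentials":
                result["credentials"] = parse_git_credentials(resp[1])
    return result


# Constructed responses for two hosts: one genuinely exposed, and one that
# answers every path with a 200 HTML catch-all page (a common false positive).
_CATCH_ALL = "<html><body>Page not found</body></html>"
SAMPLE_RESPONSES: Dict[str, Tuple[int, str]] = {
    "https://exposed.example/.git/HEAD": (200, "ref: refs/heads/main\n"),
    "https://exposed.example/.git/config": (
        200, "[core]\n\trepositoryformatversion = 0\n"
             "[remote \"origin\"]\n\turl = https://git.example/org/app.git\n"),
    "https://exposed.example/.git-credentials": (
        200, "https://deploy:glpat-EXAMPLEtoken@git.example\n"),
    "https://catchall.example/.git/HEAD": (200, _CATCH_ALL),
    "https://catchall.example/.git/config": (200, _CATCH_ALL),
}


def fake_fetch(url: str) -> Optional[Tuple[int, str]]:
    """Offline stand-in for an HTTP client, backed by the constructed responses."""
    return SAMPLE_RESPONSES.get(url)


if __name__ == "__main__":
    for host in ("https://exposed.example", "https://catchall.example"):
        print(host, probe_git_exposure(host, fake_fetch))
```

For a live check, pass a `fetch` that wraps `urllib.request.urlopen` (returning the status code and decoded body, and `None` on error) in place of `fake_fetch`; git-dumper then does the actual reconstruction once `/.git/HEAD` is confirmed. On the defensive side the fix is the same one the UN applied: block `/.git` and dotfiles at the web server (for nginx, a `location ~ /\.` block that returns 404) and keep `.git-credentials` out of any document root, preferring a credential helper over git's plaintext store.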

The data recovered by the group included the travel history of UN staff, with fields such as Employee ID, Name, Employee Group, Travel Approval, Start and End Dates, Approval Status, Destination, and Duration of Stay.

The researchers reported the findings privately to the UN on January 4th, 2021. The UN Office of Information and Communications Technology (OICT) acknowledged the report and confirmed the issue.

Thanks to the early report, the United Nations remediated the exposure within about a week. The UN is still investigating the incident to determine whether threat actors obtained any other data.

Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
