Security researchers successfully hacked the United Nations, accessing user credentials and personally identifiable information (PII)–including more than 100,000 private employee and project records—before informing the U.N. about the problem through the organization’s vulnerability disclosure program.
Ethical hackers from the research group Sakura Samurai used a vulnerability in a GitHub directory that exposed WordPress DB and GitHub credentials, allowing access to numerous private records from the U.N.’s Environment Program (UNEP).
Researchers Jackson Henry, Nick Sahler, John Jackson and Aubrey Cottle discovered the vulnerability after the team decided to take a crack at finding an entry for the U.N.’s Vulnerability Disclosure Program and Hall of Fame and eventually identified an endpoint that exposed the credentials, researchers wrote in a blog post.
Copyright of this story solely belongs to threatpost.com . To see the full text click HERE