A vulnerability in a GitHub repository belonging to the United Nations Environment Program exposed over 100,000 employee records, including personally identifiable information, contact details and other sensitive data, according to a group of independent security researchers.
UNEP is responsible for coordinating the U.N.'s environmental activities. Sakura Samurai, a new group of ethical hackers, notes in its report the vulnerabilities stemmed from an endpoint that exposed the GitHub repository's credentials.
"The credentials gave us the ability to download the GitHub repositories, identifying a ton of user credentials and [personally identifiable information]. In total, we identified over [100,000] private employee records," says John Jackson, one of the security researchers in the group.
The analysis also revealed that there were ...
Copyright of this story solely belongs to bankinfosecurity . To see the full text click HERE