A database believed to belong to the United Nations Trust Fund to End Violence against Women has been discovered unsecured online, containing financial reports, bank account information, staff details, victim testimonies and more.
The database, containing a total of 228 GB of information, was discovered by cybersecurity researcher Jeremiah Fowler and reported to vpnMentor.
It lacked any password protection, with the 115,141 files displayed unencrypted and accessible to anyone with an internet connection.
Victim and staff information exposed
While currently unconfirmed, the database contained information linking it to UN Women and the UN Trust Fund to End Violence against Women, including letters and documents addressed to the UN and stamped with UN logos, with specific reference to UN Women.
Amongst the information inside the database, Fowler identified scanned passport documents and ID cards, alongside detailed information on staff roles including names, job roles, salary information and tax data.
“There were also documents labeled as “victim success stories” or testimonies,” Fowler wrote in his report for vpnMentor. “Some of these contained the names and email addresses of those helped by the programs, as well as details of their personal experiences. For instance, one of the letters purported to be from a Chibok schoolgirl who was one of the 276 individuals kidnapped by Boko Haram in 2014.”
It is not known how long the database has been exposed for, whether the database is managed by the UN Women organization or a third party, or whether the database has been accessed by anyone outside of the organization.
Fowler explains several hypothetical situations in which the information could be misused, such as convincing spear phishing attacks against exposed email addresses using manipulated documents. Theoretically, a threat actor could also use the documents to gain a high-level understanding of the organization’s organizational and financial layout.
The UN Women organization has a scam alert posted on its website which is undated, but the page dates back to at least July 2022, with an update occurring in July 2024 adding a guide to using the Quantum procurement verification portal. Fowler alerted the UN Information Security team to the unprotected database, and received a response stating, “The reported vulnerability does not pertain to us (the United Nations Secretariat) and is for UN Women. Please report the vulnerability to UN WOMEN.”