Wednesday, November 30, 2011

UN Server Hacked

The hacker group TeaMp0isoN (Team Poison) compromised a United Nations Development Program server and released a collection of email addresses, names and passwords to the Internet today. The BBC news story is here. The list of the accounts, as originally posted by the hackers, is here.

UNDP is downplaying the security breach, saying the server was old and didn't contain current information. This is rather disingenuous, as surveys have shown most people use the same password over and over again for various accounts. If you worked or work for UNDP, it would be prudent to check the above link to see if any of your login information was compromised. There are also email accounts for people from the Organisation for Economic Co-operation and Development (OECD), the World Health Organisation (WHO), the UK's Office for National Statistics (ONS), other UN agencies, and a variety of governments and organizations.

If you're on the rather lengthy list and have used your password elsewhere, now is a good time to start changing passwords before someone accesses your other accounts (if they haven't already).

The server hack is bad news, but equally bad are the poor password security practices of the majority of users (first name as password, no password at all, passwords shorter than 6 characters, all-lowercase passwords, etc.). This is a big fail for the IT staff for not ensuring strong passwords are used (a simple and automated process), a big fail for managers if they didn't educate staff and have policies about using strong passwords, and a big fail for users who should know better.
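The weak patterns listed above can be rejected automatically at the moment a password is set. The following is an added example, not code from the original post; the function name, rule labels and sample values are constructed, and matching a name followed by trailing digits or punctuation goes slightly beyond the plain "first name as password" case.

```python
import unicodedata

MIN_LENGTH = 6  # assumption: policy floor taken from the post's "6 character" remark
TRAILING = "0123456789!@#$%^&*._-"  # suffixes users commonly append to a name


def _norm(text):
    """Case-fold and strip accents so 'José' and 'jose' compare equal."""
    decomposed = unicodedata.normalize("NFKD", text or "")
    return "".join(c for c in decomposed if not unicodedata.combining(c)).casefold()


def policy_violations(password, first_name="", username=""):
    """Return the rules a candidate password breaks; an empty list means accepted."""
    if not password:
        return ["empty"]
    found = []
    if len(password) < MIN_LENGTH:
        found.append("too_short")
    # Only lowercase letters: no digits, symbols or capitals anywhere.
    if password.isalpha() and password == password.lower():
        found.append("all_lowercase")
    # Name as password, with or without a trailing year or symbol.
    names = {_norm(first_name), _norm(username)} - {""}
    core = _norm(password).rstrip(TRAILING)
    if core and core in names:
        found.append("name_based")
    return found


if __name__ == "__main__":
    # Constructed sample submissions: (first name, username, candidate password)
    samples = [
        ("Maria", "mlopez", "maria"),
        ("José", "jgarcia", "Jose2011"),
        ("Anna", "akim", ""),
        ("Lee", "lwong", "sunshine"),
        ("Omar", "ohaddad", "T4ble-Lamp-River"),
    ]
    for first, user, candidate in samples:
        broken = policy_violations(candidate, first_name=first, username=user)
        print(f"{user:8} {'REJECT ' + ','.join(broken) if broken else 'accept'}")
```
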


