UN Hack Exposes More Weak Passwords

Date: 2011-11-30 07:57:33

On Monday, the hactivist group TeaMpoiSon posted 857 usernames and passwords for members of the United Nations Development Programme (UNDP), Organisation for Economic Co-operation and Development (OECD), UNICEF, World Health Organisation (WHO) and other groups.

The top ten passwords used were:

Note: This small list of 857 usernames, email and passwords was so small several passwords hit the top ten that were probably from users with multiple accounts or admins. We've removed these from the list.

12345
PASSWORD
123
samurai
sn
test
undp
welcome
111
114

We checked both pwnedlist and shouldichangemypassword.com this morning and neither found emails on this list. We notified both sites of the list so they can load them.

Update

Eweek Europe is reporting:
UNDP spokeswoman, Sausan Ghosheh, told the BBC that the hacked server, which goes back to 2007, contained old data and no active passwords. “The UNDP found [the] compromised server and took it offline. Please note that UNDP.org was not compromised.” Reference: eWeek Europe. The eWeek article also quotes a US security expert, whom we agree with. This list exposes email addresses and passwords. Most people admit to reusing passwords at many sites.

Category: Breach

Subcategory: Passwords