Exposed UN credentials and sensitive information
Security researcher Kushagra Pathak discovered that the UN had accidentally published passwords, internal documents (among which include job seekers' CVs) and technical details about its websites, due to a miscofiguration in the project management service Trello, in the issue tracking app JIRA and in the office suite Google Docs.
The researcher notified his discovery to the United Nations and, to this day, the material appears to have been taken down.
UN spokesperson, Florencia Soto Nino-Martinez, stated that part of the published material did not contain sensitive information, while another part was outdated. In addition, she stated that the necessary precautions would be taken to ensure that no sensitive content was public.
-
24/09/2018theintercept.com
-
25/09/2018unaaldia.hispasec.com