Cyber Security JISC Reuse

Amid the ongoing COVID-19 pandemic, misinformation has been a problem as bad actors have sought to exploit people concerned about the virus. In the latest breach, security teams found hackers spread misinformation by leveraging stolen credentials from the CDC, WHO, and other major groups.

A report from the Washington Post shows unknown attacks dumped around 25,000 email credentials, including passwords. These credentials came from notable groups, and even Bill Gates and his wife Belinda.

Other organizations affected including the World Bank, the U.S. National Institutes of Health, the Centers for Disease Control and Prevention (CDC), and the World Health Organization (WHO). The report points to the work of the SITE Intelligence Group, which discovered the leak.

SITE says bad actors, including extremists and hackers, have used the information to spread misinformation about COVID-19. Amon the lies circulated by the group was a link between the virus and HIV.

SITE breaks down the leak in the following way:

  • 9,938 email and password combos came from the National Institutes of Health
  • 6,857 came from the Centers for Disease Control and Prevention
  • 5,120 came from the World Bank
  • 2,732 came from the WHO
  • 269 came from the Gates Foundation.

Out of those groups, on the WHO has confirmed the breach and said more credentials were exposed than SITE thought. User credentials turned up on websites such as Pastebin and 4chan, while others were leaked onto Twitter.

Fighting Misinformation

Tech companies have been working to stop the spread of misinformation during the COVID-19 outbreak. WhatsApp recently announced it has restricted allowing users to forward message with “double arrows”. Specifically, users will be limited to one of these forwarded messages per chat.

In February, Facebook took early action to clamp down on misinformation around coronavirus. Facebook said it will make a more asserted effort to ensure fake news is removed from the site.