United Nations discloses new data breach (Includes interview)

The data breach was uncovered by researchers who were examining administrator database credentials exposed through the Git directory, as Bleeping Computer has reported. Also examined were plaintext database credentials contained in various PHP files. The private data that was uncovered included travel records and human resources demographics such as nationality, gender and pay grade.

The vulnerability was disclosed privately on January 4, 2021 and has now been patched. News about the data breach has only now come to light.

To gain an insight into the issue, Digital Journal spoke with Nathanael Coffing, cofounder and CSO at Cloudentity.

According to Coffing: “This breach was due to a lapse in security, which ultimately compromised 100,000 United Nations Environmental Programme (UNEP) employee private records through exposed Git directories and Git credential files.”

In terms of how the attack probably happened, Coffing says: “By accessing the administrator’s database credentials that were located through the Git directories, as well as plaintext database credentials located inside PHP files, researchers uncovered the personal identifiable information (PII) of thousands of UN employees, such as travel history and HR demographics. Although the vulnerability was patched, it is possible the information has already been accessed and published on the dark web for malicious actors to leverage and exploit.”

There are further concerns as well, as Coffing reveals: “This vulnerability could have been prevented if proper security measures had been in place. These would include granular authorization requirements placed on the exposed Git repositories, transactional sessions and UEBA context for changing security or risk profiles coupled with analysis of clients and usage patterns. In addition, organizations must be authorizing individual data attributes coupled with short term User, Machine and API-Identities. This follows the Zero Trust principles, ensuring every individual, service and client is authorized before obtaining access to the system or database. With these preventative solutions in place, enterprises can reduce the risk of suffering a data breach and ensure employee information is secure.”
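The exposures named in the article (a Git directory shipped with the site, Git credential files, and plaintext database credentials in PHP files) can be checked for in a deployment tree before it goes live. The following is an added example, not code from the article, the researchers or Cloudentity; the finding labels, regex heuristics and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Heuristics: Git URL carrying user:secret@, and a PHP password-like literal
GIT_URL_CRED = re.compile(r"https?://[^/\s:@]+:[^/\s@]+@")
PHP_SECRET = re.compile(r"""
    (?: \$\w*(?:pass|pwd)\w*\s*=                  # $db_password = '...'
      | ['"]\w*(?:pass|pwd)\w*['"]\s*(?:=>|,)     # 'password' => '...'
    )\s*['"][^'"]+['"]
""", re.I | re.X)

def audit_webroot(root):
    """Return sorted (finding, relative_path) pairs for a deployed web root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = lambda name: os.path.relpath(os.path.join(dirpath, name), root)
        if ".git" in dirnames:  # repository metadata deployed with the site
            findings.append(("git-dir-in-webroot", rel(".git")))
        for name in filenames:
            git_cfg = name == ".git-credentials" or (
                name == "config" and os.path.basename(dirpath) == ".git")
            if not (git_cfg or name.endswith(".php")):
                continue
            with open(os.path.join(dirpath, name), errors="replace") as fh:
                text = fh.read()
            if git_cfg and GIT_URL_CRED.search(text):
                findings.append(("git-stored-credential", rel(name)))
            elif name.endswith(".php") and PHP_SECRET.search(text):
                findings.append(("php-plaintext-secret", rel(name)))
    return sorted(findings)

def build_sample(root):
    """Write a constructed sample tree; every name and value is made up."""
    files = {
        ".git/config": "url = https://deploy:EXAMPLE@git.example.invalid/a.git\n",
        "inc/db.php": "<?php $db_password = 'EXAMPLE-ONLY'; ?>",
        "inc/db_env.php": "<?php $db_password = getenv('DB_PASSWORD'); ?>",
    }
    for rel_path, body in files.items():
        full = os.path.join(root, rel_path)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit_webroot(tmp), sep="\n")
```

The PHP file that reads its password from the environment is not flagged, which is the pattern a build gate using this check would steer toward.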

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist and an author. He is also interested in history, politics and current affairs.
