UN hacked again | Geo-Poli-Cyber risk exposures increased on UN and its employees’ nations

Ethical hackers have uncovered and responsibly disclosed a security vulnerability which allowed them to access the private records of over 100,000 United Nations Environmental Programme (UNEP) Employees.

This is not the first time UN systems have suffered a data breach. In 2019, the UN did not disclose a cyberattack that had severely compromised their networks and databases.

Related Stories

In 2020, a disclosure finally came out from the UN which pinned the blame for the hack on a SharePoint vulnerability.

Increased Geo-Poli-Cyber Risk Exposure on UN and its Employees’ Nations.

“Many UN employees are often high profile government officials in their own home country before joining the UN. Their exposed private data and travel habits have now increased the Geo-Poli-Cyber risk exposure not only on the UN but but also on their respective governments and countries they are citizens of” said an MLi Group Cyber Survivability Expert.

The expert added: ” Many governmental and organizational systems may have had these vulnerabilities in their systems for a while without knowing it. A comprehensive Cyber Survivability and Security audit must be conducted ASAP”. Stakeholders interested in such audits can submit their requests at the end of this post.

In this instance, the ethical hackers have disclosed their findings describing the vulnerability that let them access the private data of over 100,000 United Nations Environment Programme (UNEP) employees.

The data set obtained by the group exposed travel history of UN staff, with each row containing: Employee ID, Names, Employee Groups, Travel Justification, Start and End Dates, Approval Status, Destination, and the Length of Stay.

The documents and screenshots provide extensive details on the nature of this security flaw and all that it exposed.

They then came across exposed Git directories (.git) and Git credential files (.git-credentials) on domains associated with the UNEP and United Nation’s International Labour Organization (ILO).

The researchers were able to dump the contents of these Git files and clone entire repositories from the *.ilo.org and *.unep.org domains using git-dumper.

The .git directory contents comprised sensitive files, such as WordPress configuration files (wp-config.php) exposing the administrator’s database credentials.

WordPress configuration file exposed database credentials
WordPress configuration file found within exposed .git directory on UN domains

Likewise, different PHP files exposed as a part of this data breach contained plaintext database credentials associated with other online systems of the UNEP and UN ILO.

In addition, the publicly accessible .git-credentials files enabled the researchers to get their hands on UNEP’s source code base as well.

Exfiltrated Data of Over 100,000 Employees.

Using these credentials, researchers were able to exfiltrate the private information of over 100,000 employees from multiple UN systems.

Exposed UN employee travel history
UN employee travel history (100k+ records) exfiltrated by researchers

HR demographic data redacted
Redacted HR demographic data of 7,000+ UN employees


It is not surprising how the ethical hackers were able to access such sensitive data within just a few hours.

They found 7 additional credential-pairs which could have resulted in unauthorized access of multiple databases. .

Although the UNEP thanked the ethical hackers for their vulnerability report and stated that their DevOps team had taken immediate steps to patch the vulnerability and that an impact assessment of this vulnerability was in progress, the UNEP also stated that a data breach disclosure notice was in the works but that it was “challenging as we have not done this before.”

Survivability News strongly recommends conducting an MLi Cyber Survivability and Security Audit.

Are you Citizen-Journalist Material?

Have a tip or scoop? Do you have info about corruption that needs to be investigated and responsibly exposed ? Get in touch securely via WhatsApp at +44 7771 927378 | Signal at +447766 098270

Receive Exclusives, Features & News Updates


What Are
Cyber™ Risks?

What Is Geo-Poli-Cyber™?

MLi Group created the terms Poli-Cyber™ and Geo-Poli-Cyber™ (GPC™) in 2012 and 2013 based on the philosophy that if you cannot identify and name the threat, you cannot mitigate that threat.

Geo-Poli-Cyber™ attacks are political, ideological, terrorist, extremist, ‘religious’, and/or geo-politically motivated.

Click to read more