Abrar Hussain: The list of organizations and spy firms confessing accidental exposure of their data have recently included an even bigger victim. The United Nations that reportedly exposed sensitive data online, according to a discovery made by a researcher regarding passwords and other sensitive data leaking online on Google due to an app misconfiguration
The leaked data includes passwords, technical details, and internal documents exposed publicly by Trello, Jira, and Google Docs.
Security researcher Kushagra Pathak stumbled upon the leaked data about a month ago. He then alerted the UN about the data exposure. According to his observation, the exposed data included some explicit information that anyone could access through a simple Google search.
The Intercept states, “The mistakes made sensitive material available online to anyone with the proper link, rather than only to specific users who should have access. Affected data included credentials for a UN file server, the video conferencing system at the UN’s language school, and a web development environment for the UN’s Office for the Coordination of Humanitarian Affairs.”
Up until September 12, UN officials remained unable to discover the exact vulnerability as stated in their email to Pathak. He continued his communication with the UN, reporting more sensitive data exposure instances to them.
“In all, he reported 60 Trello boards, several Google Drive and Google Docs links that contained sensitive information, and sensitive information from a public UN account on Jira.”
From September 13 onwards, UN began taking down the exposed data. The report then surfaced online on September 24.