Hackers of the NullCrew collective claim to have breached another subdomain owned by the World Health Organization (apps.who.int).
To demonstrate the fact that they have breached the site, the group has published the details of 10 user accounts consisting of usernames and password hashes.
I haven’t been able to verify if the data truly comes from the World Health Organization’s (WHO) servers. However, if it does originate from the organization, this wouldn’t be the first time when NullCrew takes credit for breaching their systems.
Back in July, they published emails, usernames and passwords, allegedly stolen from WHO.
I sent an email to WHO representatives a few hours before this article was published, but so far they haven’t responded to my inquiry.
I will not provide a link to the leaked information, because most of the passwords have been decrypted and the Pastebin paste contains the exact URL of the vulnerable site.