The hack was claimed by a hacker called Casi, but the Pastebin file ended with the signature of TeaMp0isoN members so we’ve contacted them on IRC asking them to clarify matters.
It turns out that the actual hack was performed by TeaMp0isoN’s Phantom which uploaded the data leak to Pastebin as a private document a few days ago. Other hackers came across it and claimed the hack, adding a statement to show their reasons for allegedly hacking the server.
“I don’t know who the hacker is, but this is my release. I don’t know how he got hands on it. I worked 4 days to strip the databases again,” Phantom said.
Phantom claims that he leveraged exactly the same vulnerabilities and found mainly the same information on the United Nations Development Programme site.
“I found the same vulnerabilities, the same data. I made that Pastebin a private one and deleted it coz I don’t store [expletive] on my PC. Obviously someone found it,” he added.
Besides the UNDP site, members of TeaMp0isoN also identified a large number of SQL Injection vulnerabilities on un.org, the United Nations main website, planning to later hack into it.
Now that the information is out in the open, the United Nations has the opportunity to patch up the security holes before hackers can leverage them to breach their systems.
We’ve contacted the United Nations to learn if they’re aware of this latest breach, so stay tuned to find out how they respond to the incident.