World Health Organization (WHO) Director-General Tedros Adhanom Ghebreyesus.
Fabrice COFFRINI/Getty Images
  • The Washington Post reported that almost 25,000 email addresses and passwords allegedly belonging to organisations like the World Health Organisation and the Gates Foundation were released by unknown parties on Sunday and Monday.
  • The information was then used by hackers and far-right extremists to spread coronavirus conspiracy theories.
  • Australian cybersecurity expert Robert Potter, who confirmed some of the addresses were authentic, also told The Washington Post that the WHO's password system was "appalling" with 48 people having "password" as their password.
  • For more stories go to

Almost 25,000 email addresses and passwords, allegedly belonging to organisations trying to combat the coronavirus, were dumped online by an unknown party, and have been used to spread coronavirus conspiracy theories. The authenticity of the addresses and passwords is not yet confirmed.

The Washington Post first reported the dumping of emails alleged to be from six organisations, all of which are related to fighting the coronavirus, on April 21. The groups were the World Health Organisation (WHO), the US Centers for Disease Control and Prevention (CDC), the World Bank, the US National Institutes of Health, the Gates Foundation, and the Wuhan Institute of Virology.

The information has since been used by hackers and far-right extremists to share coronavirus conspiracy theories - including linking HIV to the coronavirus - according to SITE Intelligence Group, a watchdog for online terrorism and extremism.

SITE compiled how many emails and passwords had been released. It believes that 9,938 allegedly came from the National Institutes of Health, 6,857 allegedly came from the Centers for Disease Control and Prevention, and 5,120 allegedly came from the World Bank.

Cyberattacks linked to the coronavirus have become widespread recently. Business Insider reported on April 9 that every country in the world had experienced a coronavirus-themed cyber attack. Although this cyber attack is against the organisations that are trying to stop the coronavirus.

SITE's executive director Rita Katz told The Post that Neo-Nazis and white supremacists published the lists "aggressively" on their platforms, beginning on 4chan, an online message board, before appearing on Pastebin and Twitter.

"Using the data, far-right extremists were calling for a harassment campaign while sharing conspiracy theories about the coronavirus pandemic. The distribution of these alleged email credentials were just another part of a months-long initiative across the far right to weaponise the Covid-19 pandemic," she said.

SITE could not verify whether all of the email addresses were authentic, but a cybersecurity expert named Robert Potter confirmed to The Post that the 2,732 emails and passwords belonging to WHO were.

Potter said he used the information online to get into the WHO's computer system. He was highly critical of the password choices of WHO employees. He said: "Their password security is appalling. Forty-eight people have 'password' as their password." Others used their first names or "changeme."

Most of the organisations had not responded to The Post on Tuesday night. But the Gates Foundation, of which allegedly 269 emails and passwords were released, according to Katz, released a statement that said it was monitoring the situation, although it had no indication of any data breaches.

Receive a daily update on your cellphone with all our latest news: click here.

Get the best of our site emailed to you daily: click here.

Also from Business Insider South Africa: