Cyber Incident Victim: United Nations World Tourism Organization

On February 24, 2016, the United Nations World Tourism Organization (UNWTO) suffered a cyberattack attributed to the hacking group TeaMp0isoN. The attackers defaced the organization's website, compromising its public-facing systems. TeaMp0isoN subsequently dumped data from UNWTO's forums, exposing 1,524 member records containing usernames, email addresses, and MD5-hashed passwords. The defacement remained visible at the time of initial media reporting, indicating persistent unauthorized access. A TeaMp0isoN member using the alias "Jimmy" claimed responsibility for the breach, disclosing to DataBreaches.net that the attackers exploited an SQL injection vulnerability to compromise the forum. The dumped data posed credential-stuffing risks due to the weak MD5 hashing algorithm, potentially enabling further unauthorized access to user accounts across multiple platforms if passwords were reused.

This incident marked TeaMp0isoN's second known attack against UN-affiliated systems, following their 2011 breach of United Nations networks. The group explicitly cited their prior intrusion as motivation, with "Jimmy" stating their actions were intended to "fuck with them again." DataBreaches.net notified UNWTO about the breach but received no immediate public response regarding containment measures or victim notifications. The attack demonstrated persistent vulnerabilities in UNWTO's web applications, particularly insufficient input sanitization against SQL injection techniques. While the full operational impact remained unconfirmed, the breach compromised member trust and exposed personal information of forum participants through publicly released data.