Cyber Incident Victim: United Nations

On February 20, 2014, the hacker collective @deletesec publicly announced a breach of the United Nations Internet Governance Forum (IGF) website, resulting in the leak of 3,215 user accounts. The compromised data included real names, usernames, email addresses, and encrypted passwords of individuals associated with the forum. The IGF website, registered to Chengetai Masango—the Programme and Technology Manager at the United Nations Secretariat for the IGF—served as a collaborative platform for multi-stakeholder policy discussions related to internet governance. Its primary function was to support the UN Secretary-General in facilitating dialogue mandated by the World Summit on the Information Society (WSIS). Attackers disclosed the breach via Twitter and published the stolen data on defuse.ca, exposing participants who used the platform to exchange views on global internet policy matters.

The leaked dataset contained 3,200 unique non-duplicate accounts spanning 537 distinct email providers, indicating broad international participation. Among the affected accounts were email addresses linked to government organizations, though specific agencies or nations were not detailed in the disclosure. The breach compromised credentials of stakeholders engaged in shaping internet governance policies through the UN-affiliated forum. No information regarding the exploitation methods, timeline of unauthorized access, or containment measures taken by the IGF or UN was disclosed in the announcement. The incident exposed sensitive user information but did not reveal whether password decryption attempts occurred or if secondary attacks resulted from the leak.