A security researcher has found sensitive data from the UN, including passwords and private data of employees, through publicly accessible documents on Trello, Google Drive and Jira.
The researcher, Kushagra Pathak, tracked down the publicly accessible data via Google searches, reports The Intercept. These searches led to boards on the project management service Trello that people in various sections of the UN had made public. Boards are private by default. The same applies to the links to Google Drive and to the bug tracking service Jira. Those links came from Trello.
The users of Trello, Google Drive and Jira at the UN had made the links public, so anyone with the link could view them. Pathak found an FTP server, links giving access to web conferences, addresses of all UN buildings in New York and telephone numbers of UN staff.
Pathak reported the problem to the UN on 20 August, but only a few weeks ago, after The Intercept had also contacted it, did the UN start making the links private again. The UN says in a response that much of the data is not sensitive, and that some of it is obsolete. Despite this, UN employees have been told to handle data on third-party platforms with care.
It is not unusual for sensitive information to surface through Google searches. Pathak has found data from various companies and governments this way.