The lists, whose origins are unclear, appear to have first been posted to 4chan, a message board notorious for its hateful and extreme political commentary, and later to Pastebin, a text storage site, to Twitter and to far-right extremist channels on Telegram, a messaging app.
“Neo-Nazis and white supremacists capitalized on the lists and published them aggressively across their venues,” said Rita Katz, SITE’s executive director. “Using the data, far-right extremists were calling for a harassment campaign while sharing conspiracy theories about the coronavirus pandemic. The distribution of these alleged email credentials were just another part of a months-long initiative across the far right to weaponize the covid-19 pandemic.”
The report by SITE, based in Bethesda, Md., said the largest group of alleged emails and passwords was from the NIH, with 9,938 found on lists posted online. The Centers for Disease Control and Prevention had the second-highest number, with 6,857. The World Bank had 5,120. The list of WHO addresses and passwords totaled 2,732.
Smaller numbers of entries were listed for the Gates Foundation, a private philanthropic group whose co-founder, Microsoft co-founder Bill Gates, last week announced $150 million in new funding to combat the pandemic. Also targeted was the Wuhan Institute of Virology, a Chinese research center in the city where the pandemic began that has been accused of a role in triggering the outbreak.
The NIH, CDC, WHO and World Bank did not immediately reply to requests for comment Tuesday evening. The Gates Foundation said in a statement, “We are monitoring the situation in line with our data security practices. We don’t currently have an indication of a data breach at the foundation.”
The FBI declined to comment.
Twitter spokeswoman Katie Rosborough said, “We’re aware of this account activity and are taking widespread enforcement action under our rules, specifically our policy on private information. We’re also taking bulk removal action on the URL that links to the site in question.”
Potter, chief executive of Australian company Internet 2.0, said he was able to gain access into the WHO computer systems using email addresses and passwords posted on the Internet. The WHO has come under heavy criticism, including from President Trump, who suspended funding to it, for its response to the novel coronavirus and has been accused of being too deferential to China.