Online hacktivist Anonymous leaked personal data including phone numbers and passwords of about 1,415 delegates of the Paris climate summit, which started on Nov. 30, 2015.
UN confirmed the news and said that the hackers used the UN Framework Convention on Climate Change (UNFCCC) website to perform their offensive activities.
"I can confirm there was a hacking incident earlier this week and that has been handled by the conference's IT security experts," said Nick Nuttall, the UN climate secretariat spokesperson.
The national officials whose personal details have been hacked include leaders from the U.S., UK, Peru, Switzerland and France. Data of some British officials, including those working for the British Council and the Department for Environment, Food and Rural Affairs, have already been placed in the public domain
Anonymous said their intervention was driven by the arrest of protesters who were on a march during the climate talks. Organizers planning a peaceful protest were seized of control by insurgent individuals who later clashed with the police.
Before the climate summit, the French government declared a state of emergency due to the terrorist attacks. Part of the said declaration is the prohibition of all types of public rallies.
"We could deface the site, but that won't hurt them, we know data leak will and does so there's more to come," said someone from Anonymous. The person added that their action was not only about fighting police brutality, it is also about showing their disagreement against Cop21.
Security researcher Oliver Farnan from Cyber Security Network in Oxford University said the incident is shameful for the UNFCCC. The particular attack used is well-recognized for its vulnerability and to put the entire database into this type of jeopardy signifies insufficient focus on security. "For the UNFCCC itself it's embarrassing," he said.
Farnan further said that the password encryption technique that the UNFCCC used is dated and that it must have been phased out before. The damage, however, is quite limited and officials can just change their passwords in their accounts with similar passwords.