Another data breach for SA - passwords and IDs exposed

File image: IOL

File image: IOL

Published May 23, 2018

Share

CAPE TOWN - Another major leak has surfaced for South Africans.

A database containing sensitive personal data that came from a traffic fine platform has been leaked online, according to security researcher Troy Hunt and iAfrikan Digital founder Tefo Mohapi. 

The information contained in this leak includes names, ID numbers, e-mail addresses, and passwords stored in plain text from South African citizens reports iAfrikan. 

Austrailian Security researcher Troy Hunt, who runs the website Have I Been Pwned? which informs the world on data breaches worked with  Tefo Mohapi on the leak.

Mohapi explained in his findings that the database had close to 1 million personal records and was “discovered on a public web server that belongs to a company that handles electronic traffic fine payments in South Africa”.

He said that 934,000 personal records of South Africans have been leaked publicly online. 

He said iAfrikan was able to view the publicly available database, and it may be a case of negligence and carelessness regarding the safety of the data.

According to Mohapi, it appears that a backup of the sensitive data was saved in a directory which was publicly accessible.

Mohapi said he notified all relevant authorities, including the Hawks and the NPA Cybercrime Unit, before publishing the report on iAfrikan.

“If you have ever registered on any system online that allows you to receive notifications and pay for traffic fines, it is best you go change your password,” he said.

Hunt again took to Twitter to inform South African's about the breach like he did before. 

I’ve worked with @TefoMohapi on this and it’ll be searchable in @haveibeenpwned tomorrow. Sorry South Africa, that’s another one for you. https://t.co/fGLv1pq559

— Troy Hunt (@troyhunt) May 23, 2018

In the tweet, Hunt is referring to a previous database leaked which happened in October 2017, which contained the private data of millions of South Africans.

Hunt made the discovery back in October and took to Twitter to reach out to South Africans to see if the data breach was legitimate. 

It’s suspected that the data may have been uploaded around three years ago.

The Home Affairs Department was only able to confirm that it was looking into the data breach, but is committed to providing a comprehensive response. 

Troy Hunt says it’s not known how many unauthorised parties have accessed the data.

READ ALSO: Home Affairs set to investigate massive data breach

READ ALSO: Real Estate company admits to being source of #Dataleaks 

TOP STORY: Beware of new DSTV scam

- BUSINESS REPORT ONLINE

Related Topics: