Data breach hits 30m South Africans


The personal information of about 30 million South Africans has been compromised.

This was revealed by Australian-based IT security researcher Troy Hunt. He created the Have I been pwned? platform as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach.

Following the discovery of what is potentially SA’s biggest data breach, yesterday Hunt tweeted: “South African followers: I have a very large breach titled “masterdeeds”. Names, genders, ethnicities, home ownership; looks gov, ideas?”

ITWeb contacted Hunt for more details about the discovery and he said the information was sent to him by a supporter of “Have I Been pwned” who found the data exposed online.

“Based on the data I’ve been able to process already, at least 30 million but likely much more,” Hunt said in an e-mail. “It contained everything from national ID numbers to names, addresses, genders, birth dates and ethnicities.”

The full list can be accessed here.

According to Hunt, the data was published to a publicly facing Web server where it was easily located.

“It’s gross incompetence on behalf of the owner of the server. This seems like a case where a regulatory penalty should be imposed, but of course that won’t help those who’ve already had their data exposed. It’s enormously important that the server gets taken down ASAP.”

Read more…

Source: itweb.co.za