Data breach hits 30m South Africans

The personal information of about 30 million South Africans has been compromised.

This was revealed by Australian-based IT security researcher Troy Hunt. He created the Have I been pwned? platform as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach.

Following the discovery of what is potentially SA’s biggest data breach, yesterday Hunt tweeted: “South African followers: I have a very large breach titled “masterdeeds”. Names, genders, ethnicities, home ownership; looks gov, ideas?”

ITWeb contacted Hunt for more details about the discovery and he said the information was sent to him by a supporter of “Have I Been pwned” who found the data exposed online.

“Based on the data I’ve been able to process already, at least 30 million but likely much more,” Hunt said in an e-mail. “It contained everything from national ID numbers to names, addresses, genders, birth dates and ethnicities.”

The full list can be accessed here.

According to Hunt, the data was published to a publicly facing Web server where it was easily located.

“It’s gross incompetence on behalf of the owner of the server. This seems like a case where a regulatory penalty should be imposed, but of course that won’t help those who’ve already had their data exposed. It’s enormously important that the server gets taken down ASAP.”

Read more…