South Africa suffers data breach

South Africa has been hit with a data breach discovered by an Australian-based security developer Troy Hunt on Tuesday,

“The database contining 23 gigabytes of data with significant details, including South Africans’ 13-digit ID numbers might have been online for as long as two years. “It’s a huge amount of personal information which is used for purposes very often identity verification.” Troy Said.

The data breach involving the personal details of an estimated 33 million South Africans has raised concerns over its use for identity theft and other criminal activity. He announced his findings in a tweet on Tuesday;

An IP address linked to the unsecured server has been traced to a company in Midrand, but the staff there accuse another Gauteng company of being responsible for the breach. By far, while an IP address clearly links one of the parties, the firm claims the data is not theirs and a website was maliciously registered on their server.

Details about children as young as three are contained in a data leak involving the records of millions of South Africans. Australian web security expert Troy Hunt tweeted that he had found the leak contained the records of millions of South Africans. The records include those of 12.4 million children and just fewer than 10 million teenagers.

“I was pretty stunned to see that 19% of the records in there are apparently children. That’s not including teenagers either – and if we add them‚ that figure jumps to 29%‚” Hunt wrote.

The data includes‚ among other details‚ people’s ID numbers‚ ages‚ marital status‚ occupations‚ estimated incomes‚ addresses and cellphone numbers. One of South Africa’s top real estate firms said it was the unwitting source of the data hacked in the largest known personal data breach in South Africa.

The websites of Jigsaw Holdings‚ Aida‚ ERA and Realty-1 were offline yesterday.  Aida chief executive Braam de Jager said he had absolutely no idea how the information had been published on the firm’s server‚ but the matter was being investigated.

He said the information had been bought from credit bureau Dracore in 2014 to trace potential clients who wanted to sell their houses. South Africans can do little about the leak‚ because the data was uploaded on a server that can be accessed and downloaded if people know where to look.

Professor Basie von Solms‚ director of the Centre for Cyber Security at the University of Johannesburg‚ said earlier this week that South Africans were not out of the woods‚ because Hunt and others could have made back-ups of the information. Courtesy: The Herald.

At the time of post users could check their status at ‘Have I Been Pwned?’ website of Troy Hunt. Here is what he had to say after;

I can’t help those who have questions around whether they were in the data set if their email address doesn’t show up in @haveibeenpwned

— Troy Hunt (@troyhunt) October 18, 2017

The breach is described as the biggest ever leak of private information in South Africa’s history.