The personal information of about 30 million South Africans has been compromised.
This was revealed by Australian-based IT security researcher Troy Hunt. He created the Have I been pwned? platform as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach.
Following the discovery of what is potentially SA’s biggest data breach, yesterday Hunt tweeted: “South African followers: I have a very large breach titled “masterdeeds”. Names, genders, ethnicities, home ownership; looks gov, ideas?”
ITWeb contacted Hunt for more details about the discovery and he said the information was sent to him by a supporter of “Have I Been pwned” who found the data exposed online.
“Based on the data I’ve been able to process already, at least 30 million but likely much more,” Hunt said in an e-mail. “It contained everything from national ID numbers to names, addresses, genders, birth dates and ethnicities.”
The full list can be accessed here.
According to Hunt, the data was published to a publicly facing Web server where it was easily located.
“It’s gross incompetence on behalf of the owner of the server. This seems like a case where a regulatory penalty should be imposed, but of course that won’t help those who’ve already had their data exposed. It’s enormously important that the server gets taken down ASAP.”