The personal information of about 32 million South Africans has been leaked online. This is according to Troy Hunt, creator of the site Have I Been Pwned?. Hunt also revealed the Ster Kinekor data breach that put 7 million users’ data at risk.
Hunt informed people via Twitter and stated that the breach was “a very large breach titled ‘masterdeeds’”. He said the file date on the data was April 2015 and that it was unclear if it had been exposed since then.
This would be the biggest breach of Popi to have ever taken place. Hunt suggested that the database contained information pertaining to people’s ID numbers, gender, ethnicity, home ownership and contact information.
MyBroadband reported that Hunt found the 30 GB file on a torrent site and that he obtained 31.6 million records before it crashed. Hunt estimates that there may even be more files totaling 47 million. The file is apparently still easily accessible on the Internet for anyone to download.
The hack is speculated to come from a credit bureau as information such as “living standards” is included in the data. The Department of Rural Development and Land Reform said they have noted the claims of hacking and the alleged accessing of Deeds Registry information. They said they were investigating the matter.
However, a real estate firm seems to unwittingly be the source of the data breach. The information originated from Jigsaw Holdings, which includes Aida, ERA and Realty-1.
Aida chief executive Braam de Jager said they had absolutely no idea how the information had been published on their server before it was removed yesterday afternoon. “I have called forensic guys into my office who are busy investigating all of these things right now,” he said. The information, which was available for download until yesterday morning, had been bought from credit bureau Dracore in 2014, he said. The information contains among other things the ID numbers, age, location, marital status, occupation, estimated income, physical address and cell phone numbers of millions of South Africans. De Jager said they had bought the information to track down potential clients who might want to sell their houses.
Manie van Schalkwyk of the SAFPS said the exposure is dangerous in that it presents an opportunity for fraudsters to open accounts and transact as one of the named parties in the leaked profiles, with enough information to verify that transaction as being conducted by themselves.
Van Schalkwyk is certain that every South African is in this database and that they should assume that this is the case.