About 30-million identity numbers and other personal and financial information had been hacked and leaked online, it could be the biggest data breach suffered by the South Africa.
The data breach was discovered by the popular cyber security expert Troy Hunt, he discovered an about 27 gigabytes dump that contained a wide range of sensitive information belonging to South Africans, including citizens ID numbers, personal income, age, employment history, company directorships, race group, marital status, occupation, employer and previous addresses.
South African followers: I have a very large breach titled "masterdeeds". Names, genders, ethnicities, home ownership; looks gov, ideas?
— Troy Hunt (@troyhunt) October 17, 2017
Fortunately, the huge trove of data wasn’t offered for sale yet, but it is a matter of time.
The dump includes information from at least as far back as the early 1990s, the analysis of date of file suggest the security breach took place in April 2015.
The source of the database is still unknown, Hunt shared some information on it to speed up its identification.
Data headers suggest the source may be Government, but we cannot exclude in this phase that data could be related to a financial organization or credit bureau.
According to the editorial staff at the iafrikan.com website, the source of data is the GoVault platform of the Dracore Data Sciences.which counts among its customers TransUnion, one the largest credit bureaux in South Africa.
“I first checked their GoVault platform as it is advertised as “the goldmine of information offers easy access to the contact details of South African consumers and homeowners.” states the website iafrikan.com.
“They’ve [Dracore] fucked up in a seriously large scale here. They’ve collected an enormous volume of data and I’m not sure the owners of that data ever gave their consent. That may still be legal, but the backlash will be severe. They then published that data to a web server with absolutely zero protection and, of course, unauthorized parties found it. You yourself [iAfrikan] found it very quickly just by searching for it. There is now going to be a very serious spotlight shone on them for the sheer incompetence of their actions and they’re in no position the threaten those who’ve reported this to them responsibly,” said Hunt when speaking to iAfrikan.
At this stage we can conclusively stop calling it a data hack or data breach, it is more like a leak, and I’m being kind calling it a leak as the DATA IS STILL UP ON THE WEBSITE AS I TYPE THESE WORDS!!!” concluded iAfrikan.”
(Security Affairs – South Africa, Data Leak)