Massive leak of your personal data
Info accessible from traffic fines payment website.
Security experts find the personal info of nearly one million South Africans.
Nearly a million South Africans have had their personal data leaked. Working together with cybersecurity expert and founder of HaveIBeenPwned.com Troy Hunt, iAfrikan reported that the personal data records of 934 000 South Africans have been found online.
The datasets contain ID numbers, cell numbers, full names, surnames, e-mail addresses and – most worryingly of all – passwords that were stored in plain text. The data was provided by an anonymous source, who said it was taken off a public server that belongs to a company that handles the online payment of traffic fines in South Africa.
In an interview with The Citizen, Hunt said he was unsure whether the leak was down to negligence or malicious behaviour.
“The person who sent me the link did so via a hacking site used for distributing material,” Hunt said. “I don’t know whether they put it there or if they just found it. It doesn’t matter – the data is out there and in circulation.”
Hunt said he has identified the website ViewFines.co.za as the source of the leak. “The website provides secured access to all outstanding offences issued by the listed municipalities, which were registered against your ID number,” a statement on the ViewFines landing pages reads. “The registration provides you absolute security ...”
Using a free service called Mailinator, Hunt says he was able to send himself password resets using the e-mail addresses contained in the leak via the ViewFines site. “The element that makes [this leak] worse is the ‘plain text’ passwords,” Hunt said. “The reason this is a risk is that there are hundreds of thousands of e-mail/passwords pairs that have been exposed that will likely match accounts on other sites – such as eBay or Amazon or iTunes.” –