Creator and founder of HaveIBeenPwned.com, Troy Hunt, discovered yet another data dump last year. This one reportedly contained personal data belonging to millions in this staggering South African data breach.
At the time of discovery, the information was available from an online public database back-up file and even came with a smaller compressed version. Anyone on the site could download the information.
The South African data breach dump reportedly included:
- Names
- Citizenships
- Genders
- Ages
- Property ownership information (deeds, locations, sale prices)
- Marital statuses
- Deceased statuses
- Addresses
- Employment histories
- Incomes
- Company directorships
- Unique South African ID numbers
- Email addresses
As far as Hunt is aware, the huge clump of information has not yet been put up for sale, but it’s noted that “it is definitely floating around between traders”.
To identify the information, Hunt analysed some of the data and believes that the breach took place before March 2017. The data itself dates back as early as the 1990s. Having consulted with Hunt, IAfrikan.com has reportedly suggested that, due to the type and quantity of the information, it was most likely that the information was taken from a credit bureau or a data aggregation company. They’ve pointed the finger at Dracore Data Sciences.
Hunt did not mince his words over the severity of the situation. He said:
“They’ve collected an enormous volume of data and I’m not sure the owners of that data ever gave their consent. That may still be legal but the backlash will be severe. They then published that data to a web server with absolutely zero protection and, of course, unauthorised parties found it.”
He added that anyone could find the confidential personal data contained within this South African data breach just by doing a simple online search. “There is now going to be a very serious spotlight shone on them for the sheer incompetence of their actions and they’re in no position to threaten those who’ve reported this to them responsibly.”
Over 30 million records were breached, including 2.2 million email addresses.
With this much information, the data ‘traders’ could sell this information to people who will email the subjects listed with direct marketing emails to try and sell their goods and services, or go down a darker route and send out phishing emails loaded with malware.
Email addresses are surprisingly valuable to cyber criminals and unscrupulous marketing companies who love to send masses of unwanted emails for financial gain.