The private records of about 31.6 million South Africans are still online and available for download after possibly the largest data breach yet in the country.
Troy Hunt‚ Australian web security expert‚ first tweeted about the breach on Tuesday.
South African followers: I have a very large breach titled “masterdeeds”. Names, genders, ethnicities, home ownership; looks gov, ideas?
— Troy Hunt (@troyhunt) October 17, 2017
Hunt said it was not the largest data breach he had ever seen‚ but it was concerning because it listed “almost every living person” in South Africa.
“Every person that I have checked that sent me their ID number‚ I have found a record for. That is very concerning.”
The breach contains‚ among other things‚ ID numbers‚ ages‚ locations‚ marital status‚ occupation‚ estimated income‚ physical addresses and cellphone numbers.
Hunt was shocked after he received a link from someone‚ asking him to confirm whether it was the same file.
“It’s crazy‚” he said.
Hunt has been trying to contact whoever uploaded the data to try and have it removed.
Hunt received the information earlier this year‚ but he only got around to checking it earlier this week.
He often receives information from various sources as he is the creator of HaveIBeenPwnd.com‚ a website where you can check if your information has been compromised in any data breaches against about 4.8 billion records.
“There’s a lot of people that support the project and when they see data has been hacked out of a company or leaked somewhere, they send it to me so that I can load it in there and notify people that are in there. Fortunately these are people that often have a very ethical intent.”
Professor Basie von Solms‚ director of the Centre for Cyber Security at the University of Johannesburg‚ said cyber criminals can use the information in this breach to obtain credit.
“With enough personal information‚ one can do damage to a person by illegally opening credit accounts or make bookings. It is an extremely big risk. The great risk is to the individual whose data has been breached.”
– Additional reporting by Ernest Mabuza