News

Home » News

Avatar photo

By Nick Cowen

2 minute read

24 May 2018

03:06 pm

Massive data leak affects nearly one million South Africans

Local online traffic fine payment site ViewFines has been identified as the source of the leak.

One million South Africans has seen the data leaked online

Nearly a million South Africans have had their personal data leaked.

Working together with Cybersecurity expert and founder of HaveIBeenPwned.com, iAfrikan reported that the personal data records of 934 000 South Africans had been found online.

The datasets contain ID numbers, cell numbers, full names, surnames, email addresses and – most worryingly of all – passwords that were stored in plain text. The data was provided by an anonymous source who said it was taken off a public server that belongs to a company that handles the online payment of traffic fines in South Africa.

“The person who sent me the link [to the data] did so through via a hacking site used for distributing material,” Hunt told The Citizen. “I don’t know whether they put it there, or if they just found it. In a way it doesn’t matter – the data is out there and in circulation.”

Hunt said he had identified website ViewFines.co.za as the source of the leak.

“The website provides secured access to all outstanding offences issued by the listed Municipalities which were registered against your ID number,” a statement on the ViewFines landing pages reads.

“The registration provides you absolute security, and access is only allowed by ID and your personal password. No other member of the public can access your outstanding offence information.”

Using a free service called Mailinator, Hunt says he was able to send himself password resets using the email addresses contained in the leak via the ViewFines site.

“The element that makes [this leak] worse is the ‘plain text’ passwords,” Hunt said. “The reason this is a risk is that there are hundreds of thousands of email/passwords pairs that have been exposed, that will likely match accounts on other sites – such as eBay or Amazon or iTunes.”

“Lately, over the last six months, there has been a real uptick in malicious account takeovers,” Hunt said. “This is made possibly by people using the same email and password across multiple accounts.”

The ViewFines leak comes less than a year after the personal data of 60 million South Africans was discovered in a forward-facing server, available to anyone with the know how to help themselves.

Anyone who thinks they may have been affected is urged to change their passwords as soon as possible. They can also use Hunt’s site, HaveIBeenPwned, to check whether their email address has been compromised.

Read more on these topics

Science

Catch up with the latest news from The Citizen on WhatsApp by following our channel. Click here to join.

EDITOR'S CHOICE

Courts Senzo Meyiwa trial: Defence asks why Kelly Khumalo wasn’t arrested
News SA water woes ‘a crisis’ for Ramaphosa
Lotto PowerBall winner to use jackpot winnings to travel to US to meet grandchild for first time
Crime SA has over 110 000 rape kits, but here’s why you won’t find them at every police station
Local News Health minister condemns acts of violence at Themba Hospital

Click here to get The Citizen news and updates on Whatsapp.

Find out more

RELATED ARTICLES

Access premium news and stories

Access to the top content, vouchers and other member only benefits

Subscribe