Barely a year after South Africa’s largest data leak was revealed in 2017, the country has suffered yet another data leak as 934,000 personal records of South Africans have been leaked publicly online. The data includes, among others, national identity numbers (ID numbers), e-mail addresses, full names, as well as plain text passwords to what appears to be a traffic fines related online system.
Working together with Troy Hunt, an Australian Security consultant and founder of haveibeenpwned, along with an anonymous source that has been communicating with iAfrikan and Hunt, we’ve managed to establish that the data was backed up or posted publicly by one of the companies responsible for traffic fines online payments in South Africa.
They further added that the database which contains just under 1 million personal records, was discovered on a public web server that belongs to a company that handles electronic traffic fine payments in South Africa. iAfrikan was able to view the publicly available database and, just like the 2017 data leak of 60 million personal records of South Africans, it appears to be a possible case of negligence and carelessness when handle citizens data directory listing/browsing were enabled on the directory where their “backups” were saved.