South Africans must be worried about recent massive data leak

Hanno Labuschagne

Journalist
Staff member
Joined
Sep 2, 2019
Messages
6,509
Reaction score
4,789
Already had someone trying to change my FNB login credentials
 
Repackaging infostealer logs is nothing new it happens all the time additionally these credentials were already breached so nothing new??
 
"experts"

What's it got to do with South African's? It's just a giant list from multiple sources put together. Nothing to see here.
Move along.
 
After all these ZA data leaks
  • TransUnion 2022
  • Experian 2020
  • Standard Bank / Liberty 2026
  • StatsSA 2026
  • Polmed
  • XP95 Gauteng Provincial Government 2026
  • Cell C 2025/26
  • The "Master Deeds" Leak 2017
  • Netstar 2026
  • etc
We may as well assume that any Phisher has your:
  • Full Name
  • RSA ID
  • Date of Birth
  • Gender
  • Home Address
  • Employer
  • Primary Bank
  • Credit Card Type
  • Credit Score
  • Marital Status
Retired teacher loses R1.2m in scam (Banking App compromised by sophisticated Phisher & trojan app)
See https://iol.co.za/news/south-africa...m-nedbank-responds-with-r20k-goodwill-payout/
Teacher received a WhatsApp call from a woman who identified herself only as "Rose", claiming to represent South African Airways and offering a promotional discount.
The caller was disarmingly well-prepared.
"Rose knew my name and ID number and told me that I had not flown SAA since 2016", which was probably true. "She confirmed that since I am 63, I would receive a 60% discount on any local or international flights valid until September 30, 2026".
The lure was a Voyager mile card and a promotional code, 365585, valid for 12 months. To access the supposed special SAA pricing, Rose sent her a link to what appeared to be the official SAA app.
"It looked exactly like an SAA app with dates and prices for flights to Durban, which she asked me to check" lady recalls. The call lasted approximately 20 minutes.
The rogue app silently took over her phone and used the Nedbank App and Standard Bank App to transfer money out. R1.2m gone in a few minutes.
 
Retired teacher loses R1.2m in scam (Banking App compromised by sophisticated Phisher & trojan app)
See https://iol.co.za/news/south-africa...m-nedbank-responds-with-r20k-goodwill-payout/
Teacher received a WhatsApp call from a woman who identified herself only as "Rose", claiming to represent South African Airways and offering a promotional discount.
The caller was disarmingly well-prepared.
"Rose knew my name and ID number and told me that I had not flown SAA since 2016", which was probably true. "She confirmed that since I am 63, I would receive a 60% discount on any local or international flights valid until September 30, 2026".
The lure was a Voyager mile card and a promotional code, 365585, valid for 12 months. To access the supposed special SAA pricing, Rose sent her a link to what appeared to be the official SAA app.
"It looked exactly like an SAA app with dates and prices for flights to Durban, which she asked me to check" lady recalls. The call lasted approximately 20 minutes.
The rogue app silently took over her phone and used the Nedbank App and Standard Bank App to transfer money out. R1.2m gone in a few minutes.
Any up to date androis / ios should have been flashing red lights all over the place during that "app" installation
 
Any up to date androis / ios should have been flashing red lights all over the place during that "app" installation
These scammers buy or takeover small legitimate trusted apps then re-release them rebranded with hidden RAT capabilities.
aka "Trojan Horse Update" play store update or a "Supply Chain Attack" (use my special SDK)

Google Says Nothing To See Here As 50 Android Apps Infected By Malware (2026)
see https://www.forbes.com/sites/daveyw...apps-with-2-million-downloads-hit-by-malware/

300 Malicious ‘Vapor’ Apps Hosted on Google Play Had 60 Million Downloads (2025)
see https://www.securityweek.com/300-ma...sted-on-google-play-had-60-million-downloads/

Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease (2025)
see https://www.bitdefender.com/en-gb/blog/labs/malicious-google-play-apps-bypassed-android-security
 
thats one hell of a web app but I guess anything is possible
It was likely either a website or a unverified apk. The 20min call was taking the person through the steps to install the " app"
 
Top
Sign up to the MyBroadband newsletter
X