South Africans must be worried about recent massive data leak

[Hanno Labuschagne]

South Africans must be worried about recent massive data leak

Cybersecurity experts have warned that South Africans should be concerned about the recent discovery of what could be the largest database leak in history.

On Wednesday, researchers at Cybernews discovered an exposed database containing 24 billion records, including usernames, email addresses, plaintext passwords and login URLs.

 

[JerryMungo]

Sounds to me like someone just compiled their various stashes into one big stash. Nothing to see here.
Rotate your most important passwords. Make sure your important accounts have 2fa enabled.

This is a compilation, not a breach:

It's an aggregation of infostealer logs scraped from Telegram channels plus "older breaches and other unknown sources." That's recycled data, not a fresh compromise of any specific service.

Cybernews explicitly couldn't say how much was duplicated vs. original, couldn't date the records, and couldn't identify an owner. A real breach has a victim, a vector, and a timeframe. This has none.

It was sitting on an exposed Elasticsearch cluster… in other words, someone's collection was misconfigured, which is how almost all of these "X billion record" stories surface.

The same genre as the January 2024 "Mother of All Breaches" (26B) and the mid-2025 "16 billion passwords" story. Big round numbers, infostealer + Telegram provenance, no named breached entity. The record count is inflated by duplication across the 36+ sources, so 24 billion records is nowhere near 24 billion distinct compromised accounts.

The "February 2026" hint is weaker than it reads. That date comes from the collector also scraping cybersecurity news articles, not from the credentials themselves, so it dates the collector's activity, not the freshness of the stolen passwords.

What would actually warrant concern (and isn't present): a named service with a confirmed fresh breach, or evidence these are live/unrotated credentials rather than known dumps already in Have I Been Pwned and similar.

So the practical takeaway is no different from every prior version of this story: have unique passwords per site, a password manager, and MFA everywhere... this will make every credential in a dump like this worthless.

 

[Unreal]

Already had someone trying to change my FNB login credentials

 

[My_King]

What data leaks?

The companies said no trace mos.

 

[FiestaST]

Must do gud job ©

 

[ActivateD]

Repackaging infostealer logs is nothing new it happens all the time additionally these credentials were already breached so nothing new??

 

[gregmcc]

"experts"

What's it got to do with South African's? It's just a giant list from multiple sources put together. Nothing to see here.
Move along.

 

[borro]

Must do gud job ©

Must fix it nice

 

[mr_norris]

@cybersecurityexperts rest assured, I am massively concerned

 

[system32]

After all these ZA data leaks

• TransUnion 2022
• Experian 2020
• Standard Bank / Liberty 2026
• StatsSA 2026
• Polmed
• XP95 Gauteng Provincial Government 2026
• Cell C 2025/26
• The "Master Deeds" Leak 2017
• Netstar 2026
• etc

We may as well assume that any Phisher has your:

• Full Name
• RSA ID
• Date of Birth
• Gender
• Home Address
• Employer
• Primary Bank
• Credit Card Type
• Credit Score
• Marital Status

Retired teacher loses R1.2m in scam (Banking App compromised by sophisticated Phisher & trojan app)
See https://iol.co.za/news/south-africa...m-nedbank-responds-with-r20k-goodwill-payout/

Teacher received a WhatsApp call from a woman who identified herself only as "Rose", claiming to represent South African Airways and offering a promotional discount.​

​

The caller was disarmingly well-prepared.​

​

"Rose knew my name and ID number and told me that I had not flown SAA since 2016", which was probably true. "She confirmed that since I am 63, I would receive a 60% discount on any local or international flights valid until September 30, 2026".​

​

The lure was a Voyager mile card and a promotional code, 365585, valid for 12 months. To access the supposed special SAA pricing, Rose sent her a link to what appeared to be the official SAA app.​

​

"It looked exactly like an SAA app with dates and prices for flights to Durban, which she asked me to check" lady recalls. The call lasted approximately 20 minutes.​

​

The rogue app silently took over her phone and used the Nedbank App and Standard Bank App to transfer money out. R1.2m gone in a few minutes.​

 

[Heisenborg]

 

[Tim_vb]

Retired teacher loses R1.2m in scam (Banking App compromised by sophisticated Phisher & trojan app)
See https://iol.co.za/news/south-africa...m-nedbank-responds-with-r20k-goodwill-payout/

Teacher received a WhatsApp call from a woman who identified herself only as "Rose", claiming to represent South African Airways and offering a promotional discount.​

​

The caller was disarmingly well-prepared.​

​

"Rose knew my name and ID number and told me that I had not flown SAA since 2016", which was probably true. "She confirmed that since I am 63, I would receive a 60% discount on any local or international flights valid until September 30, 2026".​

​

The lure was a Voyager mile card and a promotional code, 365585, valid for 12 months. To access the supposed special SAA pricing, Rose sent her a link to what appeared to be the official SAA app.​

​

"It looked exactly like an SAA app with dates and prices for flights to Durban, which she asked me to check" lady recalls. The call lasted approximately 20 minutes.​

​

The rogue app silently took over her phone and used the Nedbank App and Standard Bank App to transfer money out. R1.2m gone in a few minutes.​

Any up to date androis / ios should have been flashing red lights all over the place during that "app" installation