CIPC hackers contact MyBroadband to warn the breach is much worse than people are told

[Jan]

Hackers who breached South Africa's companies database say its much worse than anyone knows

A ransomware gang claiming responsibility for the Companies and Intellectual Property Commission (CIPC) hack says they’ve had access to the agency’s systems since 2021.

The CIPC is an agency inside the Department of Trade, Industry, and Competition where companies, co-operatives, and intellectual property is registered.

 

[DapperDanMan]

Hahaha! Perfect!

Jan, you know some radicals!!!

 

[Solarion]

Eeeish.

 

[Jet-Fighter7700]

let me guess the password was ANCjesus2024
or was it held by 100 consultants and a hundred assistants to those consultants

 

[Fulcrum29]

They said they could’ve exfiltrated the CIPC’s entire database — including plain text passwords and credit card information.

Could’ve, should've, did've. So, say they do speak the truth, then it is vulnerable.

 

[Fulcrum29]

Hahaha! Perfect!

Jan, you know some radicals!!!

Jan en die Gemaskerde Sopbeen.

 

[rvZA]

Thank you AA. Thank you BEE.

 

[Arthur]

The people who contacted MyBB are admitting to a criminal offence. No doubt you did the right thing and informed the CIPC and SAPS?

 

[Jan]

The people who contacted MyBB are admitting to a criminal offence. No doubt you did the right thing and informed the CIPC and SAPS?

Not to be that passive aggressive email writer or anything, but...

As per the article...

 

[Swa]

Haha, most likely won't comment because they are in groot kakk.

The group also showed MyBroadband that it was possible to access someone’s CIPC user account without knowing their password.

Yet is was a mission for me to get the correct details just to search trademark info.

 

[Iamn0tageek]

Good luck trying to hack systems that has an updated AVG FREE anti virus installed.

 

[Solarion]

Likely hackers trying to make it more public so as to put pressure to pay up.

 

[B-1]

Oooh we finally going to see POPPIA's teeth?

 

[FiestaST]

 

[Dan C]

Thank you AA. Thank you BEE.

When you finally finish school. At least make sure you pass matric.

 

[skimread]

The attackers told MyBroadband that they got in using an exploit in a system developed for the CIPC by software development house Sword South Africa.
...
This time, they also downloaded all of Sword South Africa’s source code for the exploited systems.

“The code is full of ridiculous security holes and it’s quite clear that these have never been through a security audit,” they said.

Dodgy looking site:

https://sword-sa.com/

 

[Fuzzbox]

30%ers in charge of the CIPC database.
How could this have happened?

 

[dontcryforme]

Plain text passwords.

 

[dontcryforme]

How stupid do you have to be to still store passwords in plain text. Monkeys would be more capable than those rubish working for the CIPC

 

[skimread]

Their developer studied information security at university of London. Getting a masters in Computer and Information systems security.

Who wants to best such a degree doesn't exist at that university?