Data leak exposes names, ID numbers, and plain-text passwords of South Africans

[Jamie McKane]

Data leak exposes names, ID numbers, and plain-text passwords of 934,000 South Africans

A South African database containing sensitive personal data, which appears to have originated from a traffic department, has been leaked online.

The information contained in this leak includes names, ID numbers, e-mail addresses, and passwords stored in plain text from South African citizens.

 

[supersunbird]

Wonder if its https://www.paymyfines.co.za, which is run by the eNatis and e-toll system guys.

Paycity would have more info than just traffic.

 

[PhireSide]

Wonder if its https://www.paymyfines.co.za, which is run by the eNatis and e-toll system guys.

Paycity would have more info than just traffic.

Quite possible. I am registered there too, but with a random pwd generated with LastPass. Guess I will be changing it soon, lest someone try and pay my fines for me

 

[Batista]

Wonder if its https://www.paymyfines.co.za, which is run by the eNatis and e-toll system guys.

Paycity would have more info than just traffic.

I agree after looking at that horrible site.Those buttons in the middle of the page....looks very amateurish, also they allow access to search without login:crylaugh:

 

[system32]

The information contained in this leak includes Names, ID numbers, e-mail addresses, and passwords stored in plain text from close to 1 million South African citizens.

“If you have ever registered on any system online that allows you to receive notifications and pay for traffic fines, it is best you go change your password,” he said.

Password changed, now how do I change my Name & ID number so that information can't be used to open a fraudulent account?

 

[Longboi]

Password changed, now how do I change my Name & ID number so that information can't be used to open a fraudulent account?

Go to Home affairs and they can change it for you. You'll need ID of parents and your own ID doc as well.

 

[3WA]

Well, sh**. Let's hope my security through obscurity defence holds firm.

 

[dunkyd]

Well, sh**. Let's hope my security through obscurity defence holds firm.

That you John ?

 

[3WA]

That you John ?

 

[RedViking]

Again....

 

[Jet-Fighter7700]

Cr@p more leaks, is IT security handled by complete mor0ns in SA?

 

[Creag]

Cr@p more leaks, is IT security handled by complete mor0ns in SA?

Simply put, yes!

 

[Creag]

The October 2017 data leak contained the ID numbers, contact details, addresses, and income estimates of 60 million South Africans, which include deceased citizens.

60 million South Africans earn an income? :wtf:

Whoever is responsible for the porous IT security for this leak ought to be drawn and quartered -- and then fed to Spotted Hyenas.

I doubt that even the threat of POPI will force them to improve security & protection of personal information :erm:

 

[MoHaG]

My email address given to PayCity does not show as compromised...

So it is probably someone else... Anyone have a catch all setup and registered on more than one of the fine sites?

 

[supersunbird]

My email address given to PayCity does not show as compromised...

So it is probably someone else... Anyone have a catch all setup and registered on more than one of the fine sites?

Yes, just like I said, probably the other website...

 

[f2wohf]

Wonder if its https://www.paymyfines.co.za, which is run by the eNatis and e-toll system guys.

Paycity would have more info than just traffic.

Possible since I'm not on paymyfines but on Paycity and my address is safe.

 

[Kosmik]

plain text

 

[Jet-Fighter7700]

so whats the point of using your real email address on any of these sites then?

should I just use the + prefix in front of my email address on gmail and it will identify who used my mail address?

 

[Werfetter]

Cr@p more leaks, is IT security handled by complete mor0ns in SA?

Nope I disagree, IT security is not handled by ANYONE in SA. It simply is not considered by most places until it is too late...

 

[Newsfeed]

Mohapi and Hunt have now published the list of compromised accounts on Have I Been Pwned, allowing users to check if they are affected.

Checking if your account has been compromised can be done by navigating to the Have I Been Pwned website and entering your email address into the required field.