Kaspersky warns South African banking customers to change passwords after major data breach

Hanno Labuschagne

MyBroadband
Staff member
Super Moderator
Joined
Sep 2, 2019
Messages
2,031
Kaspersky warns South African banking customers to change passwords after major data breach

South African banking customers who may have been affected by the recent data breach at credit services provider Experian should change their passwords.

This is according to comment from leading cybersecurity firm Kaspersky to the news that the company mistakenly provided personal information of up to 24 million South African banking customers and nearly 800,000 business entities to a suspected fraudster.

Experian South Africa released a statement on Wednesday regarding the data breach, assuring customers that no financial data was compromised.
 

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
25,071
Sign up for an identity theft monitoring service.
There are countless services out there that can help secure your online and real-world identity. This type of service could be useful if you are impacted or are that you may have been.
Give more personal information to protect information. Just to wait for monitoring service to be breached.

Ridiculous.
 

Fulcrum29

Honorary Master
Joined
Jun 25, 2010
Messages
39,539
The API access leveraged by Experian had way too many privileges and I believe that those who designed and controlled the policy which governed the relationship didn't engage in due diligence and had little care and should be held accountable. Everyone which participated in this relationship should be questioned on why they are administrating bad practices which aren't in-line with ITIL (and any other related library) especially considering that this is the banking sector which is exposed due to maladministration.
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
54,898
How does changing your password help at all, tell me that Kaspersky, or are you noob like the banks? Were the passwords leaked?

No, things were leaked that assist with phishing and it's variants possibly, now some people well just give/enter their new changed passwords to the scammer/website.

If more info than that was leaked (like what accounts a person has and such), now the scammers can answer a lot of security questions, like the ones at Telkom and get contracts/devices.
 

Fulcrum29

Honorary Master
Joined
Jun 25, 2010
Messages
39,539
What I do see as strange is that all these parties and advisers are lecturing the users on security when the breach was within the operators' domain.
 

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
25,071
What I do see as strange is that all these parties and advisers are lecturing the users on security when the breach was within the operators' domain.
2020 customer service: Just remember every fault is because of you. We are only trying to fix your mistake.
2021 customer service: I let my wallet do the talking.

So sick of these entitled companies and institutions that get away with everything, but the Man on the street gets shafted.
Just reading the Amazon jobs thread makes me want to fume.
 

WollieVerstege

Well-Known Member
Joined
Jun 1, 2016
Messages
398
From what I understand the only information that was shared is information that they normally sell to 3rd parties in any case. This never included passwords before, or did it?
 

RandomGeek

Expert Member
Joined
May 14, 2015
Messages
1,754
How does changing your password help at all, tell me that Kaspersky, or are you noob like the banks? Were the passwords leaked?

No, things were leaked that assist with phishing and it's variants possibly, now some people well just give/enter their new changed passwords to the scammer/website.

If more info than that was leaked (like what accounts a person has and such), now the scammers can answer a lot of security questions, like the ones at Telkom and get contracts/devices.
People are jumping on this bandwagon to get airtime, plain and simple. Agreed their change your password advice is non-sensical
 

susefan

Well-Known Member
Joined
May 4, 2019
Messages
210
I have already changed my password. This is the new one: )BErfQ%bm3dgYCM(h%mN&zGZBaqNCw
 

garp

Executive Member
Joined
Aug 2, 2004
Messages
8,843
Why would your credit record data contain your passwords? This is obviously not going to happen. In fact, its going to be everything other than your password - i.e. your email address, id number, phone numbers etc, and unless you're prepared to try and change those, there's not much you can do apart from being hyper-vigilant for phishing, etc.

In any case, it seems to be data that they would quite willingly have provided to a paying customer, their issue is that it went to someone pretending to be a client of theirs.

Then of course, this kind of data has been breached so many times in SA, any scammer worth their salt would have had all our id numbers, email addresses etc for years already.
 

R13...

Honorary Master
Joined
Aug 4, 2008
Messages
36,040
Why? This breach is supposed to have occurred in May already so if there was a need to change passwords then that horse bolted months ago.
 

EagleEyed

Active Member
Joined
Aug 20, 2020
Messages
50
As far as I understand the incident, credit bureaus, such as this one, is in the business of selling consumer data, such as identity numbers, addresses and phone numbers.

By their own admission, a person approached them and provided them with a list of millions of names and identity numbers and he wanted to buy contact numbers for all those people. This guy misrepresented to be a client, but yet they updated his list with contact numbers of consumers.

The company later found that the real client never bought the data.

If only phone numbers were sold to the person, why should we change banking passwords? Unless, banks have sold our access details too and the credit bureau sold this to the criminal? If this is indeed the case, should the banks not rather cancel and issue new banking passwords by default?
 

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
25,071
As far as I understand the incident, credit bureaus, such as this one, is in the business of selling consumer data, such as identity numbers, addresses and phone numbers.

By their own admission, a person approached them and provided them with a list of millions of names and identity numbers and he wanted to buy contact numbers for all those people. This guy misrepresented to be a client, but yet they updated his list with contact numbers of consumers.

The company later found that the real client never bought the data.

If only phone numbers were sold to the person, why should we change banking passwords? Unless, banks have sold our access details too and the credit bureau sold this to the criminal? If this is indeed the case, should the banks not rather cancel and issue new banking passwords by default?
Logic doesn't work in this country. I've tried. Showed, lived it. People are fkn daft.
 

j4ck455

Executive Member
Joined
Jan 2, 2006
Messages
6,469
Sign up for an identity theft monitoring service. There are countless services out there that can help secure your online and real-world identity. This type of service could be useful if you are impacted or are afraid that you may have been.
https://www.google.co.za/search?q=identity+theft+monitoring+service

https://mytransunion.co.za/Products and https://www.identityguard.co.za/ are at the top of the search results.

So we are being told to trust yet another credit agency with protecting our identities when Experian ripped us a new one (several months ago) and left what seems to be every South African with a bank account butt naked in the cold winter wind.

As for IdentityGuard, if hackers and a "fraudster" don't steal your identity, their forensic investigators will steal your identity:
7d63023ff27329367a1b08a96c206fc9e00882bddc350128a3f9538daf6ff78c.png
 
Top