“This South African data breach is one of the worst I’ve ever seen on many levels,” said security researcher Troy Hunt.
His response comes after iAfrikan CEO Tefo Mohapi reported that the source of the leak had been identified and alerted, but had not taken down the site where the information was available.
Hunt said he received the data as a 27.2GB MySQL backup called “masterdeeds.sql”, and when he tried to restore the file, it failed after 31.6 million records had been imported.
While 30 million records is not the largest leak Hunt has received, what sets it apart is the volume of private data it exposed.
“The data included extensive personal attributes such as names, addresses, ethnicities, genders, birth dates, government-issued personal identification numbers, and 2.2 million email addresses,” said Hunt.
It also contained home ownership status, job titles, employers, living standard measures, and estimated monthly income.
Mohapi linked the breach to Jigsaw Holdings, a company which handles property brands.
When MyBroadband contacted Jigsaw, it said it was not aware the data was available from one of its servers.
Since then, Jigsaw was given the IP address of the server and Mohapi reports the database has been taken offline.