There were several large data leaks and hacks in South Africa in 2017, the biggest of which was the leak of the personal information of nearly every South African.
Private data such as addresses, monthly salary, ID numbers, and full names were exposed in a database containing 75 million records.
Dubbed the “master deeds leak”, the data was uploaded to the public webserver of Jigsaw Holdings in Hetzner’s data centre.
A 27.2GB database backup file was left unprotected on the server, and security researchers also discovered that the live database was accessible from the Internet with login credentials readily available in Google.
While the backup file contained the data of 66 million people, including 12.5 million children, the live database exposed over 75 million records with unique ID numbers.
The master deeds leak was joined by several major local security events in 2017, which included:
- Massive flaw in old Ster-Kinekor website leaked clients’ private data – Ster-Kinekor’s old website leaked the private data of up to 6.7 million users.
- IEC online voter registration system suffers big security flaw – The IEC’s new online voter registration portal had a security flaw in the system.
- Hetzner database hack – The details – Hetzner’s konsoleH database was compromised, exposing customer details, FTP passwords, and domain names.
- Anonymous hacks Saab Grintek Defence in South Africa – The online services of Saab Grintek Defence were targeted.
- R1.6 million stolen from ABSA client after Vodacom SIM-swap fraud – SIM-swap fraud continued to make headlines.
- South African police phone surveillance abuse must end – R2K – The SAPS are allegedly abusing a process to access cellphone records.