A database containing sensitive personal data of South African citizens recently leaked online, as reported by iAfrikan.
The data originated from a traffic fine platform and contains the names, ID numbers, cellphone numbers, email addresses, and plain-text passwords of 934,000 South Africans.
Security researcher Troy Hunt – who runs Have I Been Pwned – worked with iAfrikan Digital founder Tefo Mohapi on the leak.
Mohapi said the data was discovered on a public web server for a local company which processes electronic traffic fine payments. The company is ViewFines.
The database contained the following information on South African users:
- ID numbers
- Full names
- Cellphone numbers
- Email addresses
- Passwords stored in plain text
The data was made accessible by enabling directory listing and browsing of backup databases on a web server.
How to check if you are affected
Mohapi and Hunt have now published the list of compromised accounts on Have I Been Pwned, allowing users to check if they are affected.
Checking if your account has been compromised can be done by navigating to the Have I Been Pwned website and entering your email address into the required field.
This will cross-reference your address with the database of affected accounts, and notify you if your details are compromised.
Due to the sensitive nature of the leak and the exposure of passwords stored in plain text, it is important that users whose details are in the database change their password across all the platforms where it was reused.