MyBroadband recently discovered a post on a hacker forum claiming to offer over 27,000 Showmax usernames and passwords.
The credentials were found on the same forum hosting the recent JD Group data breach.
Showmax owner MultiChoice has confirmed that the database is authentic and that it has taken steps to protect affected subscribers.
“We are aware that some subscriber emails and passwords have been posted online,” a MultiChoice spokesperson told MyBroadband.
“Our dedicated cybersecurity team immediately initiated a thorough investigation to assess the incident’s scope and nature.”
MultiChoice declined to provide details about how the attackers obtained the data.
“While we cannot provide specific details at this time, we have taken appropriate measures to address the situation and protect our users’ information.”
The company said it has security mechanisms in place to respond to such incidents.
“In cases where user passwords may be compromised, affected users are automatically logged out of their accounts and prompted to reset their passwords,” it said.
A basic analysis of the leak reveals that the file contains 27,911 lines, with an email address (representing a username) on each line. However, the first 100-odd lines appear to have partial or truncated records.
At first blush, it appears the leak could be the result of credential harvesting by brute-force attack, as many of the passwords were weak.
A “brute-force” attack involves guessing millions of username and password combinations to see if they work.
Popular password choices included 12345678, password, password1, password99, password@50, and password1234$.
Other easily guessable passwords like “slayer” and “Moeder” were also used.
However, there were also a handful of strong passwords in the mix.
In June 2022, there was a security report that Showmax lacked rate limiting on its authentication and password recovery pages.
This would make it easier for malicious actors to execute a brute-force attack.
Although MultiChoice didn’t wish to provide further details, it did state that the credential leak was not due to a brute-force attack.
“While this incident had no relation to brute-force hacking activities, we strictly adhere to privacy regulations and employ industry-standard security measures to protect our customers’ valuable information on our platform from all security threats,” MultiChoice said.
“The data was not stolen from Showmax. We can confirm this because the majority of the information contained was inaccurate and had no links to our customer base. However, the credentials appear to have been procured by malicious actors and placed on a hacker forum.
“We continuously review and update our security protocols to ensure the ongoing safety of user data. Protecting the security and privacy of our customers is a top priority for us.”
Data breach affecting Incredible Connection, HiFi Corp, Everyshop
MyBroadband found the Showmax credential database when a reader alerted us to an apparent data breach potentially affecting 67,000 Everyshop customers last week.
Upon investigating the issue, we found that a well-known data-leaking group had posted a second database containing the records of over 500,000 JD Group customers.
This purportedly included people who shopped at Incredible (Connection), HiFi Corp, Everyshop, Bradlows, Rochester, Russells, and Sleepmasters.
JD Group confirmed the breach and has posted a “Data Security Incident” notice on the websites of the impacted stores.
The company said it does not know the source or the identity of the unauthorised person who accessed the personal information.
It also did not say whether it would alert impacted customers individually, besides the notice posted on its website.
“As soon as we became aware of a possible [Protection of Personal Information Act] breach, we communicated in line with our regulatory requirements,” JD Group said.