{"id":256397,"date":"2018-04-19T10:58:28","date_gmt":"2018-04-19T08:58:28","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=256397"},"modified":"2018-04-19T15:04:18","modified_gmt":"2018-04-19T13:04:18","slug":"sensitive-data-leaked-on-home-affairs-website","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/256397-sensitive-data-leaked-on-home-affairs-website.html","title":{"rendered":"ID and cellphone numbers leaked on Home Affairs website"},"content":{"rendered":"<p>A flaw in the Department of Home Affairs website has exposed the details of people attempting to contact the department.<\/p>\n<p>A MyBroadband reader contacted us about the issue, saying that his several attempts to contact the department and alert it to the matter had failed.<\/p>\n<p>He found that on the website&#8217;s <strong><a href=\"http:\/\/www.dha.gov.za\/index.php\/ask-us\" target=\"_blank\" rel=\"noopener\">Ask Us<\/a><\/strong>\u00a0page, users were required to complete a form to lodge a query with Home Affairs.<\/p>\n<p>The form requires users to input the following details:<\/p>\n<ul>\n<li>First name<\/li>\n<li>Last name<\/li>\n<li>ID or case number<\/li>\n<li>Cellphone number<\/li>\n<li>Detailed query<\/li>\n<\/ul>\n<p>It also requires users to complete a reCaptcha form before submitting their details. At the time of writing, the reCaptcha form was displaying the following error message:<\/p>\n<blockquote><p>reCAPTCHA V1 IS SHUTDOWN<br \/>\nDirect site owners to g.co\/recaptcha\/upgrade<\/p><\/blockquote>\n<h3 class=\"my-4\">Details leaked<\/h3>\n<p>When loading the web page, it occasionally delivered a JavaScript error warning before displaying the page and submission form.<\/p>\n<p>However, on these occasions the form was already completed with the details of a previous user &#8211; allowing anyone to view their name, ID\/case number, cellphone number, and the nature of their query.<\/p>\n<p>MyBroadband managed to replicate this issue multiple 
times, and each time we were presented with the personal details of a person&#8217;s query submission.<\/p>\n<p>A redacted screenshot of the form information exposed due to this issue is shown below.<\/p>\n<p>It is unclear how many users were exposed in this manner, and if the reCaptcha issue was the cause of the data leak.<\/p>\n<hr \/>\n<p><a  data-lightbox=\"post-image\" href=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2018\/04\/DHA-data-leak-form-screenshot.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-256399\" src=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2018\/04\/DHA-data-leak-form-screenshot.jpg\" alt=\"DHA data leak form screenshot\" width=\"640\" height=\"480\" srcset=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2018\/04\/DHA-data-leak-form-screenshot.jpg 1024w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2018\/04\/DHA-data-leak-form-screenshot-533x400.jpg 533w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2018\/04\/DHA-data-leak-form-screenshot-768x576.jpg 768w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2018\/04\/DHA-data-leak-form-screenshot-573x430.jpg 573w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/a><\/p>\n<hr \/>\n<h3 class=\"my-4\">Home Affairs &#8211; No comment<\/h3>\n<p>MyBroadband reached out to the Department of Home Affairs for comment on the matter, but it did not respond.<\/p>\n<p><strong>Update &#8211;<\/strong> The Ask Us web page on the Home Affairs website has been taken offline following the publication of MyBroadband&#8217;s report.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A flaw in the Department of Home Affairs website exposes sensitive 
details.<\/p>\n","protected":false},"author":341028,"featured_media":229919,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[50043,33805,35,463,20425],"class_list":["post-256397","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-data-leak","tag-department-of-home-affairs-dha","tag-headline","tag-security-2","tag-website"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/256397"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341028"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=256397"}],"version-history":[{"count":2,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/256397\/revisions"}],"predecessor-version":[{"id":256919,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/256397\/revisions\/256919"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/229919"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=256397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=256397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=256397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}