{"id":295030,"date":"2019-02-06T14:13:44","date_gmt":"2019-02-06T12:13:44","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=295030"},"modified":"2019-02-07T16:51:20","modified_gmt":"2019-02-07T14:51:20","slug":"eskom-data-leak-exposes-sensitive-customer-information-security-researcher","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/energy\/295030-eskom-data-leak-exposes-sensitive-customer-information-security-researcher.html","title":{"rendered":"Eskom data leak exposes sensitive customer information – Security researcher"},"content":{"rendered":"

Security researcher Devin Stokes has disclosed<\/a><\/strong> a vulnerability in Eskom\u2019s information systems that is leaking customer data.<\/p>\n

Stokes said that he took the decision to go public after Eskom failed to respond to several disclosure emails, emails from news organisations, and direct messages on Twitter.<\/p>\n

He said that the leak has been going on for weeks.<\/p>\n

\u201cYou need to remove this data from the public view! You are unnecessarily exposing your customers data!\u201d said Stokes.<\/p>\n

In a follow-up tweet, Stokes posted a screenshot of a customer record in a live database, which showed the person\u2019s full name and credit card CVV. This has been blurred out in our screenshot.<\/p>\n

Information on what is causing the leak, or how the customer data was accessed, was not disclosed by the researcher.<\/p>\n

Queried about the leak, Eskom said that its group IT department is conducting investigations to determine whether sensitive Eskom information was compromised.<\/p>\n

“We will comment fully once the investigation is concluded,” Eskom said.<\/p>\n

Update – Eskom comment<\/h3>\n

Eskom\u2019s Acting Chief Information Officer, Nondumiso Zibi, said the server and \u201cMongo\u201d database in question does not belong to Eskom – and it is not hosted on its network.<\/p>\n

\u201cWe have traced it and can confirm that it is hosted in the US,\u201d said Zibi.<\/p>\n

\u201cWe have managed to trace the company responsible for this server and the database. The company is very co-operative and has since confirmed that the server has been shut down.\u201d<\/p>\n

Notwithstanding this, Eskom\u2019s Group Information Technology team is\u00a0conducting further investigations to determine whether the data in question is valid and belongs to Eskom customers, said the company.<\/p>\n

\"Eskom<\/a><\/p>\n

Malware installation<\/h3>\n

News that an Eskom customer databases is leaking sensitive data comes after a security researcher from the MalwareMustDie security research work group reported that an Eskom employee\u00a0downloaded a trojan onto her computer<\/strong><\/a>.<\/p>\n

According to the researcher, the employee downloaded a fake Sims 4 installer – which resulted in her company credentials being compromised.<\/p>\n

Eskom did not confirm the details of the infection, but later thanked the hacker on Twitter, stating that the issue had been investigated and the necessary action taken.<\/p>\n

\n

@Eskom_SA<\/a> You don't respond to several disclosure emails, email from journalistic entities, or twitter DMs, but how about a public tweet? This is going on for weeks here. You need to remove this data from the public view!<\/p>\n

You are unnecessarily exposing YOUR customers data! pic.twitter.com\/MgAOWrRv8o<\/a><\/p>\n

— stoXe (@DevinStokes) February 5, 2019<\/a><\/p><\/blockquote>\n