Yup, South Africa’s biggest data leak has doubled in size since we last gave you the lowdown.
This is according to Troy Hunt, the Australian Microsoft regional director who first stumbled upon the files, reports Times LIVE.
On Wednesday, the amount of personal information for sale on the net was estimated to be around 30 million accounts, but now, after processing it, this is what Hunt tweeted:
Deep.
Hunt did good and uploaded all the affected email addresses to his website, HaveIBeenPwnd.com, which you can use to see if any of your email addresses have been involved in information security breaches.
If you haven’t changed your email password since any of the breaches, perhaps you should do so.
Hunt explained that although uploading the ID numbers would have been more helpful for people, that information was too sensitive.
The Southern African Fraud Prevention Service (SAFPS) first warned citizens about uploading their email addresses to Hunt’s site, but soon realised that was silly advice:
This is contrary to advice published earlier‚ urging South Africans not to use websites purporting to be able to confirm whether their information had been leaked.
The Southern African Fraud Prevention Service (SAFPS) had warned that consumers should not attempt to check if their details were contained in the data breach. But SAFPS CEO Manie van Schalkwyk has now said‚ considering the size of the leak‚ the question was no longer if you are affected by the leak‚ suggesting that most people’s information had indeed been obtained.
Van Schalkwyk said he trusted Hunt’s website‚ but noted similar websites could be created to entice you to enter personal information under allegedly trying to help you.
“You might provide legitimate information to an illegitimate source.”
He advised consumers to rather get their credit report from a credit bureau to check if there were any suspicious transactions.
So, where did the information come from?
Well, the culprit is Jigsaw Holdings‚ which includes Aida‚ ERA and Realty-1, and, according to the Hawks, the leaks includes the personal information of the likes of President Jacob Zuma‚ Finance Minister Malusi Gigaba, and Police Minister Fikile Mbalula.
Aida CEO Braam de Jager said on Wednesday that:
[H]e had “absolutely no idea” how the information was published on the firm’s server. He had consulted a forensic expert to find out how the information was leaked. “As I am speaking to you now‚ I have called in forensic guys into my office that are busy investigating all of these things right now‚” he said.
De Jager said the information was bought from credit bureau Dracore in 2014 to enable it to trace potential clients who wanted to sell their houses.
Dracore CEO Chantelle Fraser said her company was not responsible for publishing the information and had no knowledge of how other companies used it.
Jabu Mtsweni‚ a cyber security expert at the CSIR‚ said such information could also be sold on the internet to the highest bidder.
“People who want to clone my identity don’t need my ID number. This information can be used by criminals to try to authenticate themselves as you over the phone.”
And I’m sitting here wondering who gave them permission to sell all that information – guess we need to be vigilant about who we give our personal information to and what they do with it.
You know when you log onto websites and apps, and they give you that automatic Facebook login? Don’t.
Also, NEWORDER.
[source:timeslive]
