Troy Hunt an Australian web security expert and founder of the free service Have I Been Pwned (HIBP) who initially revealed the data breach, and created a web service which aggregated compromised email address from the data breaches, emails that link up to personal information of more than 30 million South Africans has apparently been leaked online.
He took to Twitter on Tuesday to say he had “a very large breach titled ‘masterdeeds’”.
Hunt said that he received the file in March.
“Someone sent me a 27GB file called ‘masterdeeds.sql’ which was a MySQL database backup file. There was nothing immediately remarkable about it; there was no clear indication of a source (many similar examples include the source website in the file name) and there were ‘only’ 2.2 million email addresses in the file (I was dealing with breaches containing tens or even hundreds of millions of records at the time).
“It went into an archive folder with literally hundreds of other similar files which, time permitting, I’d (sic) come back to and review later,” his blog post read.
“Every person that I have checked that sent me their ID number‚ I have found a record for. That is very concerning.”
“It turns out that the data also contains records where the individual is flagged as ‘deceased’. South Africans living abroad may also account for the high number, the only thing we can confidently conclude is that the data represents a significant portion of the country,” he said.
“The fact I only originally had only just over half the data loaded helps explain why some records weren’t found when I originally queried the restored data but were subsequently found when I searched through the source file,” Hunt added.
Earlier this week, headlines reported that this could be the biggest ever breach of the Protection of Personal Information Act. The leaked database also contains names of people, their gender, ethnicity, home ownership and contact information.
Professor Basie von Solms‚ director of the Centre for Cyber Security at the University of Johannesburg‚ said cyber criminals can use the information in this breach to obtain credit.
“With enough personal information‚ one can do damage to a person by illegally opening credit accounts or make bookings. It is an extremely big risk. The great risk is to the individual whose data has been breached.”
To check if your name is on the list, read more on: https://haveibeenpwned.com/