Wednesday, October 18, 2017

Source of massive South African data leak found – Report

The database leak that exposed the private information of 30 million South Africans has been linked to websites operated by Jigsaw holdings, reported iAfrikan.

This follows the disclosure of the leak by security researcher Troy Hunt.

Hunt revealed that a 27.2GB database file with the name "masterdeeds" contained the private details of millions of South Africans.

This included ID numbers, addresses, contact details, employer information, and estimated income.

Hunt said his attempt to import the database backup file failed after 31.6 million records.

An estimate suggests the database could contain over 45 million records of South Africans. This includes data from the 1990s.

Linking the leak

With the help of self-professed "data and crypto addict" Flash Gordon, iAfrikan CEO Tefo Mohapi connected the leak to GoVault.

GoVault is a platform operated by Dracore, and is billed as a "goldmine of information" which offers access to the contact details of South African consumers and homeowners.

Counted among Dracore's clients is TransUnion and real estate industry players.

A lookup of GoVault.co.za shows Hano Jacobs as the domain's owner, and Mohapi's search for him resulted in a Twitter page that points to realty1ipg.co.za.

Realty1ipg is registered to Michelle McCrate. Jacobs denied any involvement in GoVault's business activities beyond owning the domain, while McCrate is also registered as the owner of Jigsaw Holdings' website.

Realty1 and the websites of several other real estate brands are operated by Jigsaw Holdings.

At the time of publication, Mohapi said the data was still accessible online without protection.

MyBroadband contacted Dracore and Jigsaw for feedback, and Jigsaw said it was not aware of a leak.

Dracore did not respond by the time of publication.

Now read: A guide to two-factor authentication on the web

Let's block ads! (Why?)


see source

No comments:

Post a Comment