最有看点的互联网金融门户

最有看点的互联网金融门户
国际资讯金融信息服务

南非百万公民个人信息遭泄露

国际资讯金融信息服务

南非百万公民个人信息遭泄露

2017年10月,南非曾经遭遇一次大规模信息泄露事件,涉及大量公民身份证号码、收入、婚姻状况、就业和财产所有权信息。据当时媒体报道,泄露事件涉及的信息最早可以追溯到20世纪90年代甚至更早,规模大概有3000多万,而且这个数字可能还会继续上升。经过一番调查有关部门发现,数据线泄露的源头是一家叫作Dracore Data Sciences的数据公司。该公司的客户包括TransUnion和多个房地产公司。

然而,时隔半年多,南非又一次遭遇了信息泄露,这次被波及的用户数可能也要达到百万级别。

根据The Next Web的消息显示,本次泄露的数据包括身份号码、电子邮件地址、全名和交通罚款的文本密码。

通过与澳大利亚安全顾问Troy Hunt和iAfrikan团队合作,数据泄露来源被确定为一家负责南非交通罚款收缴的网络平台。据了解,南非允许多家公司通过互联网提供交通罚款缴纳服务。不过,本次泄露的信息应该只涉及部分南非机动车驾驶员信息。

 

 

South Africa, following a massive breach in October 2017, suffered another attack, with the personal records of 934,000 South Africans being leaked.

According to news from The Next Web, the data that was leaked includes national identity numbers, email addresses, full names and text passwords for traffic fines. Working with Australian security consultant Troy Hunt and the team at iAfrikan, TheNextWeb established that the data was posted publicly by a company responsible for traffic fines for South Africa’s online payments. South Africa lets several companies facilitate payments for traffic fines over the internet, and the leaked database doesn’t represent all of the drivers that are licensed in South Africa — given that at the end of the March of 2017, there were more than 12 million, and the database only had information on 934,000 South Africans.

In what was potentially South Africa’s largest data breach, hackers in October 2017 got away with extensive personal information, including ID numbers, income, marital status, employment and property ownership information. According to a news report in The Next Web at the time, after the team at iAfrikan — along with security consultant Troy Hunt — spotted the South African breach, they discovered that personal information was stolen from both living and deceased people. The personal records dated back to the late 1990s or even older. The breach may have impacted 30 million unique records, but that number could increase. After some sleuthing, the team found that the company in possession of the breached data was Dracore Data Sciences, which names TransUnion as a client. The company also had real estate businesses as clients.

“They’ve [Dracore] collected an enormous volume of data, and I’m not sure the owners of that data ever gave their consent,” said Hunt. “That may still be legal, but the backlash will be severe. They then published that data to a web server with absolutely zero protection, and, of course, unauthorized parties found it. You yourself [iAfrikan] found it very quickly just by searching for it. There is now going to be a very serious spotlight shone on them for the sheer incompetence of their actions, and they’re in no position [to] threaten those who’ve reported this to them responsibly.”


用微信扫描可以分享至好友和朋友圈

扫描二维码或搜索微信号“iweiyangx”
关注未央网官方微信公众号,获取互联网金融领域前沿资讯。

发表评论

发表评论

您的评论提交后会进行审核,审核通过的留言会展示在下方留言区域,请耐心等待。

评论

您的个人信息不会被公开,请放心填写! 标记为的是必填项

取消

如果你接到过这个电话,说明你的个人信息被泄露了

苏宁金融研究院 | 苏宁金融研... 04-07

PayPal加密货币用户信息疑似泄露

C. Edward ... | NEWS BITCO... 03-19

明码标价,英国个人信息暗网买卖猖獗

高旭 | FINEXTRA 03-09

中国金融科技的数据红利还有多久?

董云峰 | 新金融琅琊... 02-02

失控的智能设备 谁在“消费”我们的隐私?

第一财经《解码新金融》 01-31

版权所有 © 清华大学五道口金融学院互联网金融实验室 | 京ICP备17044750号-1