A huge trove of data, containing the personal information of millions of South Africans, including property ownership, employment history, income and company directorships, has been discovered by information security researcher Troy Hunt.
Hunt, the founder of HaveIbeenPwned.com, said the breach contains data of more than 30-million unique South African ID numbers.
The data trove was discovered among a large dump of other breaches, and Hunt could identify it as South African source by the personal address details contained in it. He said that to date he hasn’t seen it offered for sale, but that “it is definitely floating around between traders”.
The date of the database file indicates that the breach took place in March 2017, or perhaps before. The actual data includes information from at least as far back as the early 1990s.
Hunt is now attempting to identify the source of the database and has shared its headers to help get to the bottom of it. The headers can be viewed here.
Some of the data headers seem to indicate that the source may be government, but this is not definitive. It may be that this information is from a commercial entity such as a bank or credit bureau.
Once the owner of the data is identified and informed, Hunt will upload the info to his HaveIbeenPwned service (although he notes that the data only includes around 2,2-million valid e-mail addresses).
By Andrew Fraser for Tech Central