WATCH: Should you check if you’ve been affected by the data leaks?
To check or not to check...
If your details are among the estimated nearly 50 million records that were exposed in a massive data leak, you have a problem if the wrong people managed to download it.
According to My Broadband a database reportedly leaked from the web servers of Jigsaw Holdings contains the ID numbers, adresses and personal details of over 60 million South Africans making it the biggest data leak in the history of South Africa.
Troy Hunt, an Australian web security expert who uncovered the breach on Tuesday, has since encouraged anyone interested in finding out if their data was exposed.
“I’ll start with the easy bit: I’ve loaded the 2.2 million unique email addresses in the data set into HIBP. You can search for your email there now and it will give you a yes or no answer as to whether it exists, but obviously the addresses only represent a small portion of the overall data set,” Hunt explained in his blog.
For South African friends, I just added an update with more info, including the (surprising) age group distribution: https://t.co/DR6OI8RBRj
— Troy Hunt (@troyhunt) October 20, 2017
Let’s not call this a “hack” folks. Someone in South Africa literally published their database of the entire country to the public internet. https://t.co/uvP8fLvqXg
— Troy Hunt (@troyhunt) October 18, 2017
I hope the party responsible for publicly publishing this data is quick to take accountability and notify impacted parties
— Troy Hunt (@troyhunt) October 18, 2017
I won't be loading the government issued IDs; these are sensitive personal identifiers that should be carefully guarded
— Troy Hunt (@troyhunt) October 18, 2017
I've now loaded the *email addresses only* for the South African "Master Deeds" breach into @haveibeenpwned https://t.co/nv5UjJpDsR
— Troy Hunt (@troyhunt) October 18, 2017
Hunt explained that only compromised email addresses have been uploaded to the ‘Have I Been Pwned?’ website.
According to the Southern African Fraud Prevention Service, consumers should not check whether their details were affected by the leak, as it could create an opportunity for fraudsters.
Manie van Schalkwyk of the Southern African Fraud Prevention Service said, “I warn consumers against attempting to verify if they are on the database or anybody offering services like that. You could be leading yourself into further jeopardy by providing somebody else with data with the understanding that you will verify if you are on the leaked dataset. You might provide legitimate information to an illegitimate source.”
van Schalkwyk encouraged consumers to rather get their credit report from a credit bureau and check if there are any suspicious transactions.
“Once you realise that something is suspicious, then it is advisable to apply for Protective Registration on the SAFPS website. This will provide the consumer with added security and will alert the credit provider or the bank that the specific ID number has been compromised,” he said.
This service is free of charge to consumers.
Meanwhile, videos like this one are circulating on social media and are generating interest among viewers who are wondering whether they have been affected:
Read:
Consumers warned against identity theft
Details: www.safps.org.za