Australian information security expert Troy Hunt, the man who discovered the explosive leak of more than 60m records containing personal information of South African citizens, has published a video setting out the details of the leak and how he uncovered them. Watch the video below.
TechCentral on Wednesday revealed that the largest data leak recorded in South African history had been traced to a Web server registered to a real estate company based in Pretoria.
“Whois lookup” information pointed to Jigsaw Holdings, a holding company for several real estate franchises, including Realty1, ERA and Aida.
The misconfigured website had exceptionally lax security, and until recently allowed anyone with a small amount of technical knowledge to view or download any of the 75m database records held there. More than 60m of those records consisted of the personal data of South African citizens.
It appears that Jigsaw had been using this data, which was likely sourced from credit bureaus, to provide a service to its estate agents.
When the news of the huge trove of personal information was shared by Microsoft’s Hunt on Tuesday, the initial response was that there had been a hack. But it seems that hacking wasn’t required: the information was easily available on an open Web server, which has since been shut down.
It appears that Jigsaw had been using this data, which was likely sourced from credit bureaus, to provide a service to its estate agents. — (c) 2017 NewsCentral Media