Massive SA data breach & what you should do next.
If you don’t know, let us fill you in. A database containing over 60 million private records of South Africans were leaked onto the internet full names, ID numbers, home addresses, contact details, job titles, employment history, marital status, and estimated monthly income, said security researcher Troy Hunt.
According to Tech Central
The leak points to Jigsaw Holdings, a holding company for several real estate franchises, including Realty1, ERA and Aida. The misconfigured website had exceptionally lax security, and until recently allowed anyone with a small amount of technical knowledge to view or download any of the 75m database records held there. More than 60m of those records consisted of the personal data of South African citizens.
The breach is being described as the biggest ever leak of private information in South Africa’s history. Times Live has reported that the Hawks may soon make a breakthrough in the case.
“There might be a possible breakthrough to this issue‚ but‚ of course‚ the details thereof we want to keep confidential at this moment‚” Hawks spokesperson Brigadier Hangwani Mulaudzi said.
Acting Hawks head Lieutenant General Yolisa Matakata instructed its cybercrime unit to investigate who leaked the information and how they did so.
Mulaudzi said: “The team is working around the clock to make sure we kill this case as soon as possible.”
Check if your data has been breached.
Security expert Troy has loaded the email addresses found in the leaked South African database onto his site Have I Been Pwned. We recommend that your first step is to check to see if you have been a victim of this or any other data breach. You can visit the website by visiting his website at https://haveibeenpwned.com/ simply and enter your email and the results.
Unfortunately, for South Africans whose personal information is now widely available, there isn’t much that they can do other than increase their vigilance for any attempts at identity theft.
How to protect yourself online in the future.
In light of the big data breach we what to ensure that you do more to protect yourself online. It’s all about revealing as little about yourself as you can, and using some security features are available. Most importantly we recommend LastPass as a password manager to all our clients. We use it and can’t vouch for it enough.
Here are some additional tips on how you can make yourself less vulnerable online.
1. Unique account, unique password.
While long, complex passwords are important, it’s equally important that each password you use is unique. No two accounts should ever use the same password. LastPass makes this easy!
2. Manage throwaway emails.
Many sites require a valid email address. But your email address is the gateway to the rest of your online life. For most of us, our email address is what we use to connect to our banking, our social networks, and countless other services.
Services like Mailinator lets you generate email addresses so you don’t have to use your primary email address. If one of your “throwaway” email addresses starts to LastPass keeps track of which email address you used where, you get all the security benefits with much less hassle.
4. Fill data as needed, don’t store it.
It seems like websites want to know everything about you, from your contact information to your demographics to your personal preferences. While in theory it might make for a better shopping experience, the frequency of poor encryption practices also means that a lot of your data is at risk should a website suffer a data breach.
5. Close unused accounts.
Once you start storing passwords and website details in the LastPass password manager, it’s incredible how many accounts you accumulate. It’s easy to forget the one-off purchases, forum registrations, and the latest hot apps that all require an account. We all leave a trail of unused accounts from our online activities.