The personal information of more than 30 million South Africans has apparently been leaked online.
This is according to Australian security researcher and creator of ‘Have I Been Pwned’, Troy Hunt. His website allows people to check if their personal information has been compromised in a data breach.
He took to Twitter on Tuesday to say he had “a very large breach titled ‘masterdeeds’”.
The title of the data led him and others commentators to speculate that the leak was likely from the deeds office.
If the information Hunt has is legitimate, it may be the biggest breach of Popi (Protection of Personal Information Act) to have ever taken place.
Hunt said the database contained names of people, their gender, ethnicity, home ownership and contact information. The data also contained people’s identity numbers and other information like their estimated income and details of their employer.
He said the information appeared to be from a government agency.
MyBroadband reported that the database was a 27.2GB backup file that Hunt found on Torrent and he gained 31.6 million records before it crashed. He said there could be over 47 million records in the database.
South Africans replying to Hunt’s tweets wondered if the information could be from other databases, like those a bank would have, as some of the information, like living standards, is not something the deeds office would normally have.
Many were concerned that their personal information formed part of the breach.
It was not clear how old the information was as some commentators said that the database appeared to be from “ancient Java” which was last updated in 2009. This may just mean that the database that was being used by the agency the information had been taken from was not up to date.
Queries to the Deeds office on whether they have at any time been hacked had not yet been answered by Tuesday evening.