Check for your email address in massive data breach


Johannesburg – The website which revealed the massive data breach involving 50 million South Africans, has now loaded a search function for people to find out if their email address has been compromised.

Troy Hunt, founder of the free service Have I Been Pwned (HIBP), which aggregates data breaches and initially revealed the data breach, uploaded the compromised email addresses to the website. They can be found here.

While other information such as ID numbers, employer information and estimated salaries are available, Hunt chose only to upload victims’ email addresses.

“I’ve loaded the 2.2 million unique email addresses in the data set into HIBP. You can search for your email there now and it will give you a yes or no answer as to whether it exists, but obviously the addresses only represent a small portion of the overall data set,” Hunt said in a blog post on Thursday.

“I do not have any plans to make the personal identification numbers searchable. Given the sensitivity of that data, it’s not information I want to be responsible for managing on a service like this. However, given the size of the data as compared to the population of South Africa, there’s an extremely high likelihood that anyone with an ID is in the data set,” he added. 

Hunt said that he received the file in March.  

“Someone sent me a 27GB file called ‘masterdeeds.sql’ which was a MySQL database backup file. There was nothing immediately remarkable about it; there was no clear indication of a source (many similar examples include the source website in the file name) and there were ‘only’ 2.2 million email addresses in the file (I was dealing with breaches containing tens or even hundreds of millions of records at the time).

“It went into an archive folder with literally hundreds of other similar files which, time permitting, I’d (sic) come back to and review later,” his blog post read. 

Earlier this week, Fin24 reported that this could be the biggest ever breach of the Protection of Personal Information Act.

The leaked database also contains names of people, their gender, ethnicity, home ownership and contact information. 

Read Original Article