Ethekwini Municipality – Sep 07, 2016

On  Sep 07, 2016  attack happened.  The new eThekwini eServices website in South Africa was launched with a number of security holes that lead to the leak of over 98k residents’ personal information and utility bills across 82k unique email addresses. Emails were sent prior to launch containing passwords in plain text and the site allowed anyone to download utility bills without sufficient authentication. Various methods of customer data enumeration was possible and phishing attacks began appearing the day after launch.  On   Sep 15, 2016   only breach discovered.

Date

Sep 07 2021

Leave a Reply