Yesterday we brought you news that the personal data of close to one million South Africans had been found online, unprotected on a publicly accessible web server.
Today we have learned that the exposed database allegedly belonged to ViewFines, a web portal where South Africans could view and pay traffic fines they had accrued.
“It was found on a web server belonging to a company that handles electronic traffic fine payments in SA. Was once again a case of someone enabling directory listing/browsing where their “backups” were saved and this just so happened to be part of it,” an anonymous source told iAfrikan who has worked with Have I Been Pwned founder Troy Hunt to bring this information to the public’s attention.
The publication says it has tried to contact the person who registered the ViewFines website since yesterday with no response yet.
What is important right now is that if you have ever paid a fine online using ViewFines, head to Have I Been Pwned and key in your email address.
As many as 777 649 accounts are said to have been compromised.
While you can’t view the data that Troy Hunt and iAfrikan has been pouring over for the last few days, you can determine if you are at risk.
If your email address and password have been compromised it’s vital that you change that password if you’ve used it in other places.
The data that was compromised includes full names, surnames, mobile numbers, amount of outstanding traffic fines, email addresses, passwords and a unique, system-generated user ID.
It’s also worth treating emails and unsolicited phone calls demanding payments from fines with a bit more suspicion as cybercriminals could execute social engineering attacks using the information that was gleaned from this leak.
The ViewFines website is inaccessible at time of writing.