Data breach exposes sensitive and private browsing history of South Africa ICT users

The breached database contained every day logs of user activity by customers of ISPs using web filtering software built by Conor. It uncovered all web traffic and action of these users, alongside their PII information.

Led by cybersecurity analysts Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach in a database belonging to South Africa ICT company.

The breached data in question includes highly sensitive data of users and private activity.

Not only did Conor expose users to embarrassment by revealing such browsing activity, but they also compromised the privacy and security of people in many countries.

Conor is an information and communications technology (ICT) company that develops software products for clients in Africa and South America. They create a range of solutions for businesses in numerous industries, including finance, mobile internet, SMEs, and data monetization.

Conor has over 80 million mobile subscribers to their products, with some prominent customers, including Vodafone and Telkom.

“Our team’s web scanner picked up the database on the 12th of November. It was clear the database contained a huge amount of data from many sources, in various countries. However, the function of the database wasn’t initially clear, nor its relationship to the different ISPs and Conor,”

Conor’s Privacy Policy states that:

“We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.”

Based on vpnMentor’s discovery of this database, Conor’s “commercially acceptable means” weren’t enough to keep this private user data hidden.

The “completely unsecured and unencrypted” database held the details of activity logs across two months from customers of numerous ISPs based in African and South American countries, making a total of more than 890 GB of data and over one million records.

The greatest risk in this breach is to the people whose data was exposed. The database contained live traffic logs of all their online activities, along with PII of users. This means there is zero privacy for those affected. 

The leak made them vulnerable to a wide range of online attacks and fraud. These could have devastating effects, both personally and financially. 

For complete info, visit vpnMentors blog.

   
Ryan Warner
Ryan Warner
Ryan is a US based student, he is currently pursuing his Advanced Astronomy degree.

Recent News

Twitter in talks with TikTok to acquire US operations

Microsoft publicly announced that they had a discussion with TikTok owner ByteDance to acquire the US operations of TikTok, which would help TikTok maintain...