The breached database contained every day logs of user activity by customers of ISPs using web filtering software built by Conor. It uncovered all web traffic and action of these users, alongside their PII information.
Led by cybersecurity analysts Noam Rotem and Ran Locar, vpnMentor’s research team discovered a data breach in a database belonging to South Africa ICT company.
The breached data in question includes highly sensitive data of users and private activity.
Not only did Conor expose users to embarrassment by revealing such browsing activity, but they also compromised the privacy and security of people in many countries.
Conor is an information and communications technology (ICT) company that develops software products for clients in Africa and South America. They create a range of solutions for businesses in numerous industries, including finance, mobile internet, SMEs, and data monetization.
Conor has over 80 million mobile subscribers to their products, with some prominent customers, including Vodafone and Telkom.
“Our team’s web scanner picked up the database on the 12th of November. It was clear the database contained a huge amount of data from many sources, in various countries. However, the function of the database wasn’t initially clear, nor its relationship to the different ISPs and Conor,”
“We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.”
Based on vpnMentor’s discovery of this database, Conor’s “commercially acceptable means” weren’t enough to keep this private user data hidden.
The “completely unsecured and unencrypted” database held the details of activity logs across two months from customers of numerous ISPs based in African and South American countries, making a total of more than 890 GB of data and over one million records.
The greatest risk in this breach is to the people whose data was exposed. The database contained live traffic logs of all their online activities, along with PII of users. This means there is zero privacy for those affected.
The leak made them vulnerable to a wide range of online attacks and fraud. These could have devastating effects, both personally and financially.
For complete info, visit vpnMentors blog.