Data breach exposes sensitive and private browsing history of South Africa ICT users

Data breach exposes sensitive and private browsing history of South Africa ICT users
We may receive commissions for purchases made through links on our website. We appreciate your support.

The breached database contained every day logs of user activity by customers of ISPs using web filtering software built by Conor. It uncovered all web traffic and action of these users, alongside their PII information.

Led by cybersecurity analysts Noam Rotem and Ran Locar, vpnMentors research team discovered a data breach in a database belonging to South Africa ICT company.

The breached data in question includes highly sensitive data of users and private activity.

Not only did Conor expose users to embarrassment by revealing such browsing activity, but they alsocompromised the privacy and security of people in many countries.

Conor is an information and communications technology (ICT) company that develops software products for clients in Africa and South America.They create a range of solutions for businesses in numerous industries, including finance, mobile internet, SMEs, and data monetization.

Conor has over 80 million mobile subscribers to their products, with some prominent customers, including Vodafone and Telkom.

Our teams web scanner picked up the database on the 12th of November. It was clear the database contained a huge amount of data from many sources, in various countries. However, the function of the database wasnt initially clear, nor its relationship to the different ISPs and Conor,

Conors Privacy Policy states that:

We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

Based on vpnMentors discovery of this database, Conors commercially acceptable means werent enough to keep this private user data hidden.

The completely unsecured and unencrypted database held the details of activity logs across two months from customers of numerous ISPs based in African and South American countries, making a total of more than 890 GB of data and over one million records.

The greatest risk in this breach is to the people whose data was exposed.The database contained live traffic logs of all their online activities, along with PII of users.This means there is zero privacy for those affected.

The leak made them vulnerable to a wide range of online attacks and fraud. These could havedevastating effects, both personally and financially.

For complete info, visit vpnMentors blog.