Researcher Reveals Data Leak at South Africa's Main Electricity Provider (Feb 6, 2019)
The South African state-owned electricity company Eskom appears to have suffered a data breach after its billing software database was left exposed with no password protecting it. Cybersecurity researcher Devin Stokes publicly tweeted screenshots of the customer and service-related information accessible in the database, including account IDs, meter information, and service start and end dates. The breach appeared to escalate when Stokes found that some database entries also contained customers' financial data, such as CVV numbers, names, payment card types, and partial payment card numbers. The issue appears to have been further exacerbated by an unnamed employee possibly installing a trojan on corporate machines by accident, by downloading a fake "SIMS 4" game installer. Despite Eskom remaining fairly quiet on the matter, the company did state that it "investigated the potential trojan infection and have taken necessary actions."
Recommendation: It is crucial for your company to verify that databases are properly secured with password protection and are not reachable from the Internet before any sensitive data is added to them. As this story shows, an unsecured database can leak sensitive information that can be used for further malicious activity and cause significant harm to a company's reputation. This must be complemented by adequate cybersecurity behaviour from employees, particularly not downloading unnecessary installers from potentially malicious sites onto corporate machines via corporate networks.
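The recommendation above amounts to two checks a team can run on a database host before loading sensitive data: is the database listener bound to every network interface, and does any access rule let remote clients in without a credential? The script below is an added example, not part of the original briefing or anything Eskom or Anomali published, and it makes two assumptions the briefing does not state: that the host runs PostgreSQL (so access rules live in a `pg_hba.conf`-style file) and that the socket listing is the text output of `ss -ltn`. Both inputs are constructed samples embedded in the script so it runs offline; in practice they would be read from the live host.

```python
"""Pre-deployment exposure audit for a database host (added example).

Assumptions (not from the original briefing, which names no database product):
  - the host runs PostgreSQL, so authentication rules live in a pg_hba.conf-style file;
  - the listening-socket listing is the text output of `ss -ltn` (or `netstat -ltn`).
Both inputs below are constructed samples embedded so the script runs offline.
"""
import ipaddress

# Well-known database listener ports to look for in the socket listing.
DB_PORTS = {3306: "mysql", 5432: "postgresql", 27017: "mongodb", 6379: "redis",
            9200: "elasticsearch", 1433: "mssql"}

# pg_hba.conf auth methods that grant access without any credential check.
NO_CREDENTIAL_METHODS = {"trust"}

# Constructed sample of `ss -ltn` output: postgres is bound to every interface.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     127.0.0.1:6379       0.0.0.0:*
LISTEN  0       244     0.0.0.0:5432         0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       128     127.0.0.1:3306       0.0.0.0:*
"""

# Constructed sample pg_hba.conf: one rule trusts the whole Internet for the billing DB.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS       METHOD
local   all       all                 peer
host    all       all   127.0.0.1/32  scram-sha-256
host    billing   all   0.0.0.0/0     trust
host    all       all   10.0.0.0/8    md5
"""


def _is_wildcard(addr: str) -> bool:
    """True when the local address means 'every interface'."""
    return addr in ("0.0.0.0", "*", "::", "[::]")


def exposed_db_listeners(ss_output: str) -> list[tuple[str, int]]:
    """Return (service, port) for known database ports bound to all interfaces."""
    found = []
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "LISTEN":
            continue
        addr, _, port = parts[3].rpartition(":")   # handles "[::]:22" as well
        if port.isdigit() and int(port) in DB_PORTS and _is_wildcard(addr):
            found.append((DB_PORTS[int(port)], int(port)))
    return found


def unauthenticated_remote_rules(pg_hba: str) -> list[str]:
    """Return pg_hba.conf 'host' rules that admit non-loopback clients with no credential."""
    bad = []
    for raw in pg_hba.splitlines():
        line = raw.split("#", 1)[0].strip()         # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if fields[0] not in ("host", "hostssl", "hostnossl") or len(fields) < 5:
            continue                                 # 'local' rules never reach the network
        address, method = fields[3], fields[4]
        try:
            net = ipaddress.ip_network(address, strict=False)
        except ValueError:
            continue                                 # hostname-based rule; out of scope here
        if method in NO_CREDENTIAL_METHODS and not net.is_loopback:
            bad.append(line)
    return bad


def audit(ss_output: str = SAMPLE_SS, pg_hba: str = SAMPLE_PG_HBA) -> list[str]:
    """Collect human-readable findings; an empty list means nothing was flagged."""
    findings = []
    for service, port in exposed_db_listeners(ss_output):
        findings.append(f"{service} (tcp/{port}) listens on all interfaces; "
                        f"bind it to localhost or a private address and firewall it")
    for rule in unauthenticated_remote_rules(pg_hba):
        findings.append(f"pg_hba rule grants access without a password: {rule!r}")
    return findings


if __name__ == "__main__":
    for finding in audit():
        print("FINDING:", finding)
```

Run against the constructed samples, the audit reports two findings: the PostgreSQL listener on `0.0.0.0:5432` and the `trust` rule for `0.0.0.0/0`. The Redis and MySQL listeners bound to `127.0.0.1` are not flagged, and neither is the `scram-sha-256` rule, since a loopback-only listener or a credentialed rule is exactly the posture the recommendation asks for. Wiring the same two functions to the real `ss -ltn` output and the real `pg_hba.conf` in a deployment pipeline turns the recommendation into a gate rather than a reminder.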
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.