eThekwini Municipality

In September 2016, the new eThekwini eServices website in South Africa was launched with a number of security holes that lead to the leak of over 98k residents' personal information and utility bills across 82k unique email addresses. Emails were sent prior to launch containing passwords in plain text and the site allowed anyone to download utility bills without sufficient authentication. Various methods of customer data enumeration was possible and phishing attacks began appearing the day after launch.

Domain Entries Date Breached Hashing Privacy acknowledged? 81,830 2016-09-07 plaintext Not rated No

Information leaked

Dates of birth, Deceased date, Email addresses, Genders, Government issued IDs, Names, Passport numbers, Passwords, Phone numbers, Physical addresses, Utility bills

Notice any errors/mistakes in this breach entry? Please contact us and we will fix it ASAP. We strive to be the best and most accurate, so your contribution(s) will be greatly appreciated.