In this weekly digest, we discuss a major security incident in Ivory Coast. A massive breach at ANKA has exposed over half a million user records, including sensitive personal data and authentication tokens. The incident underscores how rapid digitization in Africa is outpacing security readiness.

This time criminals targeted ANKA, the flagship African e-commerce platform, from Ivory Coast. It serves more than 22,000 African sellers and has managed more than $60 million in cumulative transactions. The platform supports shipping, financial transactions, and marketplace services. The news about the incident came not long after the public announcement that Global Shop Group had acquired ANKA.

According to news, criminals have put stolen records on sale on darknet forums. Journalists reported that approximately 12 GB of data was offered. Such a trove of information contains more than 537,000 unique user records, including sensitive data and personal identifiable information, such as:

• Full names
• Usernames
• Email addresses and phone numbers
• Gender
• Date of birth.

SearchInform has prepared a handout with practical advice on how to protect sensitive documents. You can download it for free here.

Yet, the most worrying detail is the inclusion of authentication tokens in the leak. Using these tokens, criminals can bypass security mechanisms, hijack user sessions, and access user accounts without passwords.

On top of that, perpetrators could conduct personalized phishing attacks, perform identity theft, and impersonate ANKA staff for further illegal activities.

Some security experts emphasize that one of the reasons behind this incident is recent changes to ownership of the e-commerce platform, which had impacted smoothness of operations.

This incident highlights current challenges in the African economy: a rapid process of digitalization outpaces implementation of security measures. The majority of African companies operate with limited cybersecurity budgets and a lack of local skills. Businesses have limited access to a pool of qualified security specialists.

To address these business challenges, the SearchInform team has developed a unique offer tailored for the needs of small and medium-sized businesses – Managed Security Services (MSS). It is a package of cutting-edge security solutions implemented and operated by skilled security specialists proficient with delivered tools. The subscription-based model drastically cuts starting costs, as there is no need to purchase expensive software licenses and specialized hardware.

Managed Security Services also addresses hiring challenges by providing access to a qualified workforce with skills necessary for effective and proactive protection. These specialists fulfill a role of in-house employee and provide comprehensive protection of corporate assets.