Eskom exposes customer data

07.02.2019

Back to news

Eskom, a South African largest electricity public utility, has been keeping customer data exposed for a few weeks. The company, which generates more than 90% of local electricity and almost half of the electricity used in Africa, was asked to “remove this data from the public view” by Devin Stokes, a security researcher, but the representatives would not fix the bug.

Stokes has detected a vulnerability in the company’s system. The reason for the leak and the way the data could be accessed haven’t been cleared up yet.

Stokes posted two sequential screenshots. The second one revealed that not only account IDs and meter details were compromised, but financial data of clients, full names, partial card numbers and security codes were breached as well.
The number of those affected hasn’t been sounded off yet, although it is known that Eskom provides services to almost 6 million customers in South Africa.
The researcher has pointed out a possible issue claiming that the database lacked a password.

Eskom has recently been warned about a Trojan on one of their corporate assets which had invaded the network as a fake The Sims 4 installer.