South African citizens’ bank details have been open to public view due to a security flaw in the online bill payments system of the Johannesburg municipal government.
The breach was flagged up by a concerned user who discovered that by changing the four-digit number of their account in the url to any other four numbers, it took them to someone else’s account statement.
The details included names, account numbers, pin numbers, addresses and payments, leaving all of the 1.1 million accounts vulnerable to fraud.
Richard Nere, head of IT for Johannesburg municipal government, said: “We’re aware of the security breach on our e-statement services. Our technical team has brought the services down to prevent further unauthorised access to customer accounts.
“We are currently investigating the root cause and permanent solution [to] be applied. We do apologise for any inconvenience caused.”
Up to 10,000 accounts were open to access for most of yesterday (Tuesday).
A spokesperson for the Johannesburg government would not comment on whether every account in Johannesburg was vulnerable or for how long or whether this would affect their plans to change to mms bill delivery.
Image courtesy of Shutterstock