Data breach reveals customer browsing activity at South African telco

Researchers discover data breach at South African ICT major Conor; customer data on 80 million users across Africa, South America potentially exposed

Researchers have discovered a data breach at South African information and communications technology (ICT) major Conor. The data exposed includes daily logs of user activity by customers of ISPs using web filtering software built by Conor.

vpnMentor’s research team, led by cyber-security analysts Noam Rotem and Ran Locar, discovered the breach in Conor’s databases as part of a web mapping project, according to a vpnMentor blog post.

The database held the details of all internet traffic and activity of these users, along with their PII. This included highly sensitive and private activity, even accessing pornography, the blog post said.

"Not only did Conor expose users to embarrassment by revealing such browsing activity, but they also compromised the privacy and security of people in many countries."

The South Africa-based company develops software products for clients in Africa and South America across sectors including finance, mobile internet, SMEs, and data monetisation. There are 80 million mobile subscribers to their products, with some high-profile clients such as Vodafone and Telkom.

"Our team’s web scanner picked up the database on the 12th of November. It was clear the database contained a huge amount of data from many different sources, in various countries. However, the function of the database wasn’t initially clear, nor its relationship to the different ISPs and Conor," read the blog post.

The "completely unsecured and unencrypted" database held the details of activity logs across two months from customers of numerous ISPs based in African and South American countries, making a total of more than 890 GB of data and over one million records.

"Our team viewed data entries from numerous mobile ISPs, such as Tshimedzwa Cellular and Flickswitch in South Africa, MTN in Kenya, and others. There were also entries from South American countries," the post said.

The researchers could not assess whether the data was accessed by others.

"The database was left online, unprotected and unencrypted. No forced entry was required," Noam Rotem told SC Media UK. "We can’t know who accessed it but the company should know."

A vpnMentor spokesperson told SC Media UK in an email that they tried to contact Conor twice for a comment on the issue. However, the company did not respond either time, the spokesperson said.
