Major Vulnerability In South Africa’s Largest Electricity Company

It appears that a customer database associated with Eskom, South Africa’s state-owned power company, is currently being exposed on the Internet – including credit card and account information, addresses, names, energy usage and more. Someone found the vulnerability and has had trouble submitting the bug to the company, so they’ve taken it to Twitter.

https://twitter.com/olihough86/status/1092847700238876677

Eskom is South Africa’s state-owned electricity company, generating, transmitting and distributing approximately 95% of the electricity used in South Africa and approximately 45% of the electricity used in Africa.

Expert Comments below:

Jon Bottarini, Hacker and Lead Technical Program Manager at HackerOne:

“Accidental breaches of this type further drive home the point that every company should have a formal process to accept vulnerability reports from external third parties. A Vulnerability Disclosure Policy or Security@ email is the best way to ensure that when someone sees something exposed, they can say something. Exposing the vulnerability details on Twitter seems to have been the last-ditch attempt on behalf of the security researcher to try and get in contact with someone who can resolve the issue.”
