Major Vulnerability In South Africa’s Largest Electricity Company

By ISBuzz Team
Writer, Information Security Buzz | Feb 06, 2019 09:30 am PST

It appears that a customer database associated with Eskom, South Africa’s state-owned power company, is currently being exposed on the Internet – including credit card and account information, addresses, names, energy usage and more. Someone found the vulnerability and has had trouble submitting the bug to the company, so they’ve taken it to Twitter.

https://twitter.com/olihough86/status/1092847700238876677

Eskom is South Africa’s state-owned electricity company, generating, transmitting and distributing approximately 95% of the electricity used in South Africa and approximately 45% of the electricity used in Africa.

Expert Comments below:

Jon Bottarini, Hacker and Lead Technical Program Manager at HackerOne:

“Accidental breaches of this type further drive home the point that every company should have a formal process to accept vulnerability reports from external third parties. A Vulnerability Disclosure Policy or Security@ email is the best way to ensure that when someone sees something exposed, they can say something. Exposing the vulnerability details on Twitter seems to have been the last-ditch attempt on behalf of the security researcher to try and get in contact with someone who can resolve the issue.”
