Threat Actor: IntelBroker, EnergyWeaponUser | IntelBroker, EnergyWeaponUser
Victim: South African Government Tender Site | Etenders.gov.za
Price: Available for download on BreachForums
Exfiltrated Data Type: Personal and professional details of registered users
Key Points :
- Approximately 65,000 users’ sensitive information was exposed.
- The breach was caused by an Insecure Direct Object Reference (IDOR) vulnerability.
- Compromised data includes company names, types, regions, contact persons, contact numbers, email addresses, and identification numbers.
- A sample of the stolen data was shared by the threat actors.
- The entire dataset is available for download to members of the BreachForums community.
In a recent incident, the South African government’s tendering site, Etenders.gov.za, experienced an alleged data breach, resulting in the exposure of sensitive information belonging to approximately 65,000 users. The breach was disclosed by threat actors IntelBroker and EnergyWeaponUser on a dark web forum.
The threat actors reportedly exploited an Insecure Direct Object Reference (IDOR) vulnerability on the site, enabling them to access and download the personal and professional details of registered users. The compromised data includes crucial information such as company names, company types, regions, contact persons, contact numbers, email addresses, and identification numbers.
A sample of the stolen data was provided by the threat actors, who have made the entire dataset available for download to members of the BreachForums community.
The post South African Government Tendering Site Allegedly Suffers Data Breach appeared first on Daily Dark Web.