Whistleblowers exposed after hack into South African cops’ website

Hacktivist compromised the personal information of tipsters stored in the SAPS (South African Police Service) website. A data dump on May 17 publicized the telephone numbers, email addresses and identity numbers of more than 15,700 people who used the site between 2005 2013.

“The identities of nearly 16,000 South Africans, who lodged a complaint with police on their website, provided tip-offs or reported crimes, are now publicly available.”

Also released were the usernames and passwords of some 40 SAPS members.

“Complaints range from rape cases opened in Durban to police brutality in Port Elizabeth. Also on the list are ordinary South Africans asking for help in cases involving vehicle theft and illegal shebeens. People have also complimented police on their work, including speedy responses to emergencies and help in cases.”

MyBroadband reports that “Domainer,” the alias of a purported Anonymous hacktivist, obtained the data through a “SQL injection attack” that exploited a weakness in the police force’s database.  “The hacker said the attack was made possible by a poorly designed website.”  The motivation: Retaliation for “the lack of adequate justice for the slaughtered miners” at Marikana. “It also highlighted the fact that SAP’s own duty of care, namely the security of information on its servers is questionable.”