• Home
  • News
  • Big Data & Analytics
  • DevOps
  • Security
  • GDPR
  • AI & ML
  • Women in Tech
  • Cloud & Infrastructure
  • CIO
  • Deskflix
  • Events
  • Whitepapers
  • Spotlights
  • IT Leaders 250
  • Research
  • Delta
  • Tech Marketing Hub
  • About Us
  • Newsletters
  • Sign in
  •  
      • Newsletters
      • Account details
      • Contact support
      • Sign out
     
     
    • You are currently accessing Computing via your Enterprise account.

      If you already have an account please use the link below to sign in.

      If you have any problems with your access or would like to request an individual access account please contact our customer service team.

      Phone: +44 (0) 1858 438800

      Email: customerservices@incisivemedia.com

      • Sign in
     
  • Follow us
    • Twitter
    • LinkedIn
    • Newsletters
    • Facebook
    • YouTube
  • Register
  • Events
    • Upcoming events
      event logo
      The Pesky Password Problem: What place do passwords have in the modern workplace?

      In this webinar you'll learn: Why passwords are so easy to hack, and how the bad guys do it. How to craft a secure, risk-focused password security policy. The truth about password managers and multi-factor authentication and how they impact our risk. How to empower your end users to become your best last line of defence

      • Date: 21 Jan 2021
      event logo
      Where the buck stops: Why a shared responsibility model will help you own your cloud security flaws

      This webinar, and accompanying dedicated research, will reveal to what extent organisations are practicing a shared responsibility model for cloud security today and the degree to which IT leaders are aware of what they should be doing to ensure the secure use of their multi- and hybrid-cloud environments.

      • Date: 27 Jan 2021
      event logo
      Leveraging the Cloud to Defeat Data Disasters

      Join us and learn how your IT team can realize many of the powerful advantages of the cloud and solve the operational complexity behind managing data across hybrid and multi-cloud IT environments with centralized management, automation, end-to-end security, and lower TCO.

      • Date: 28 Jan 2021
      event logo
      Deskflix Hybrid and Multi Cloud

      One of the most powerful tools for breaking down silos and integrating resources is cloud computing. But multi-tenancy cloud is not the ideal environment for every application or every class of data and some will need to remain on-prem for the foreseeable future; nor are all clouds equal. Tune in to Deskflix season 1 to hear industry experts speak on the questions you need answered on hybrid and multi cloud.

      • Date: 10 Feb 2021
      View all events
  • Whitepapers
    • LATEST WHITEPAPERS
      Darktrace 120x194
      Cyber AI Response: Threat Report 2019

      This white paper details 7 case studies of attacks that were intercepted and neutralised by Darktrace cyber defense AI, including a zero-day trojan in a manufacturing company's network. Learn how Darktrace Antigena AI Response modules fight back autonomously, no matter where a threat may emerge, extending to the Cloud, Email and SaaS.

      Download
      Darktrace 120x194
      Cyber AI & Darktrace Cloud

      This white paper explores how cloud is a security blind spot for many organisations who struggle with the limited visibility and control in this new environment, where their existing security tools are often not applicable.

      Download
      Find whitepapers
      Search by title or subject area
      View all whitepapers
  • Spotlights
    • Spotlights

      Welcome to Computing's Spotlight section, where we focus in on particularly important themes and topics of enterprise IT.

      Intel logo

       

      Endpoint Management and Security Hub

  • IT Leaders 250
  • Research
  • Delta
  • Tech Marketing Hub
  • About Us
Computing
Computing
  • Home
  • News
  • Big Data & Analytics
  • DevOps
  • Security
  • GDPR
  • AI & ML
  • Women in Tech
  • Cloud & Infrastructure
  • CIO
  • Deskflix
 
    • Newsletters
    • Account details
    • Contact support
    • Sign out
 
 
  • You are currently accessing Computing via your Enterprise account.

    If you already have an account please use the link below to sign in.

    If you have any problems with your access or would like to request an individual access account please contact our customer service team.

    Phone: +44 (0) 1858 438800

    Email: customerservices@incisivemedia.com

    • Sign in
 
  • Security

Eskom denies its live customer database has been exposed online - but the security specialist who found it disagrees

MongoDB database 'does not belong to Eskom and is not hosted on our network', claims Eskom CIO

Eskom's Duvha Power Station in South Africa
Eskom's Duvha Power Station in South Africa
  • Graeme Burton
  • @graemeburton
  • 07 February 2019
  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  
0 Comments

South African utility giant Eskom has denied claims made earlier this week that its live customer database - including payment details, such as credit cards - has been exposed on the internet.

Responding to complaints from security specialists in South Africa, the company's acting CIO, Nondumiso Zibi, claimed that Eskom's investigations prove that the database "does not belong to Eskom and is not hosted on our network".

He added: "We have traced it and can confirm that it is hosted in the US. We have managed to trace the company responsible for this server and the database. The company is very co-operative and has since confirmed that the server has been shut down."

The company, he continued, is conducting further investigations to determine whether the data in question is valid and belongs to Eskom customers.

I never even gave them an IP of a server. How would they know which one?

— stoXe (@DevinStokes) February 7, 2019

But the security specialist who went public with the alleged compromise, Devin Stokes, described the company's explanation as nonsense - not least because he never provided Eskom with the IP address of the exposed MongoDB database.

"They had live payment records populating the database for electricity customers," he tweeted, pointing out that no-one from the company has bothered to contact him to find out more details about the exposed database.

He added that there are three likely explanations: "They left their database unsecured on an American cloud host, such as Azure or AWS (most likely); or, they got hacked and the data siphoned off (not likely); or, they sold the data to another company (no idea)..."

"I don't understand how your data being on someone else's servers, logging financial transactions through the mobile app in a live fashion is possible. Does that make sense to anyone else or am I crazy?" asked Stokes in response to Eskom's statement.

Further reading

South African electricity utility Eskom accused of ignoring customer credit card compromise
  • Security
  • 06 February 2019
MongoDB databases suffer huge ransomware attacks
  • Hacking
  • 09 January 2017
445 million customer records found on MongoDB database running on unsecured AWS server
  • Security
  • 12 September 2018
Amount of MongoDB data publicly exposed on the internet grows to 685TB
  • Threats and Risks
  • 17 December 2015
  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  
  • Topics
  • Security
  • Cloud and Infrastructure
  • Eskom
  • live customer database
  • mongoDB
  • Devin Stokes

More on Security

NCSC launches CyberFirst Girls Competition - aims to boost female representation in cyber security

Women make up just eight per cent of the cyber workforce in the UK

  • Security
  • 18 January 2021
Matthew Green, Technology and Data Director at The National Lottery Community Fund
How digital transformation at the National Lottery Community Fund helped it work through Covid-19

Matthew Green, Technology and Data Director at The National Lottery Community Fund, explains how the programme, which included moving to mobile devices and leveraging technologies like Microsoft's O365 and Teams, meant that by the time of the first lockdown...

  • Cloud and Infrastructure
  • 15 January 2021
Understanding the shared responsibility model for security in the hybrid cloud

If the responsibilities of CSP and customers are not well understood, the risks to security are obvious

  • Cloud and Infrastructure
  • 14 January 2021
BA faces possible £800m data breach claim

Claim would be the largest group action personal data claim in UK history

  • Legislation and Regulation
  • 13 January 2021
Boosting cyber resilience when the odds are stacked against you

2020 exposed gaps in our ability to trust information, ignited cloud migrations, and put overburdened security teams under more strain. In 2021 we must focus on the danger areas

  • Security
  • 13 January 2021
blog comments powered by Disqus
Back to Top

Most read

Parler data breach: Hackers claim they downloaded everything from Parler before it was taken offline
Parler data breach: Hackers claim they downloaded everything from Parler before it was taken offline
Microsoft fixes Windows 10 bug forcing restarts
Microsoft fixes Windows 10 bug forcing restarts
Software errors wipes 'thousands' of arrest records from police databases
Software errors wipes 'thousands' of arrest records from police databases
Twitter CEO defends Trump ban while Telegram purges far-right channels
Twitter CEO defends Trump ban while Telegram purges far-right channels
Delta: Microsoft's identity management lead is under threat
Delta: Microsoft's identity management lead is under threat
  • Contact
  • Delta
  • Marketing solutions
  • Enterprise IT Events
  • Incisive Media
  • Terms & conditions
  • Policies
  • Careers
  • Twitter
  • LinkedIn
  • Newsletters
  • Facebook
  • YouTube

im_logo

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017
Loading