Eskom denies its live customer database has been exposed online - but the security specialist who found it disagrees

MongoDB database 'does not belong to Eskom and is not hosted on our network', claims Eskom CIO

Eskom's Duvha Power Station in South Africa

Graeme Burton
@graemeburton
07 February 2019

Tweet
Facebook
LinkedIn
Send to

South African utility giant Eskom has denied claims made earlier this week that its live customer database - including payment details, such as credit cards - has been exposed on the internet.

Responding to complaints from security specialists in South Africa, the company's acting CIO, Nondumiso Zibi, claimed that Eskom's investigations prove that the database "does not belong to Eskom and is not hosted on our network".

He added: "We have traced it and can confirm that it is hosted in the US. We have managed to trace the company responsible for this server and the database. The company is very co-operative and has since confirmed that the server has been shut down."

The company, he continued, is conducting further investigations to determine whether the data in question is valid and belongs to Eskom customers.

I never even gave them an IP of a server. How would they know which one?
— stoXe (@DevinStokes) February 7, 2019

But the security specialist who went public with the alleged compromise, Devin Stokes, described the company's explanation as nonsense - not least because he never provided Eskom with the IP address of the exposed MongoDB database.

"They had live payment records populating the database for electricity customers," he tweeted, pointing out that no-one from the company has bothered to contact him to find out more details about the exposed database.

He added that there are three likely explanations: "They left their database unsecured on an American cloud host, such as Azure or AWS (most likely); or, they got hacked and the data siphoned off (not likely); or, they sold the data to another company (no idea)..."

"I don't understand how your data being on someone else's servers, logging financial transactions through the mobile app in a live fashion is possible. Does that make sense to anyone else or am I crazy?" asked Stokes in response to Eskom's statement.

Deskflix: Identity and Access Management

Combatting rogue URL tricks: How you can quickly identify the latest phishing attacks

Inside modern ERP: Enabling transformation in people and processes

DevSecOps: The key to more secure, efficient, and compliant development

Endpoint Management and Security Hub

Eskom denies its live customer database has been exposed online - but the security specialist who found it disagrees

MongoDB database 'does not belong to Eskom and is not hosted on our network', claims Eskom CIO

Further reading

South African electricity utility Eskom accused of ignoring customer credit card compromise

MongoDB databases suffer huge ransomware attacks

445 million customer records found on MongoDB database running on unsecured AWS server

Amount of MongoDB data publicly exposed on the internet grows to 685TB

Former Hargreaves Lansdown CIO partners with global cyber security platform to take on the fight against hackers.

Double jeopardy: Are universities becoming the new target for cybercriminals and spies?

Nutanix debuts Karbon managed Kubernetes service to boost hybrid and multi-cloud capabilities

In an age of change, Neustar has focused on protection

Microsoft releases Windows updates to fix Meltdown/Spectre security flaws in Intel CPUs

Shortlist announced for Cloud Excellence Awards 2020

Facebook threatens to quit EU after spat with Irish regulator

EU seeks sweeping powers to tame tech giants

Bosch Power Tools' metamorphosis into a data company with Kafka

Saving lives with IT