eThekwini Municipality

What Happened

In September 2016, the new eThekwini eServices website in South Africa was launched with a number of security holes that lead to the leak of over 98k residents' personal information and utility bills across 82k unique email addresses. Emails were sent prior to launch containing passwords in plain text and the site allowed anyone to download utility bills without sufficient authentication. Various methods of customer data enumeration was possible and phishing attacks began appearing the day after launch.

Compromised Data

Dates of birth
Deceased date
Email addresses
Genders
Government issued IDs
Names
Passport numbers
Passwords
Phone numbers
Physical addresses
Utility bills

Recommended Actions

Change Your Password

If you haven't changed your password on this service since the breach, do so immediately.

Enable Two-Factor Authentication

If 2FA is supported, add an extra layer of security to your account.

Sponsored
1Password

Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.

Try 1Password

Breach Overview

  • Affected Accounts:

    81.8 thousand

  • Breach Occurred:

    September 2016

  • Added to HIBP:

    15 Sep 2016

Recommended Actions

Change Your Password

If you haven't changed your eThekwini Municipality password since 2016, do so immediately.

Enable Two-Factor Authentication

Add an extra layer of security to your account.

1Password

Use 1Password to generate and store strong, unique passwords for all your accounts.

Try 1Password