
Nedbank Security Glitch Exposed Sensitive Info but No Evidence of Misuse, Says Researcher

Sourced: X (https://x.com/MDNnewss/status/1931632928875831704)

When a local student’s sharp eye saved us from a potential financial nightmare

In a story that highlights both the risks and resilience of South Africa’s financial system, a serious security flaw was found in Nedbank’s credit score checking service. This vulnerability could have allowed cybercriminals to access security questions of millions of financially active South Africans. Thankfully, thanks to quick action and an alert young researcher, no evidence suggests this sensitive data was misused.

How did this happen?

The problem stemmed from how Nedbank’s website handled authorization tokens, the digital keys meant to protect your personal data. These tokens were not implemented correctly: a logged-in user could query the security questions linked to any South African’s financial profile, not only their own. Crucially, you didn’t even have to be a Nedbank customer to log in; all it took was a cellphone that could receive a simple “Approve-It” message.

Imagine that: a hacker with only a phone could potentially harvest answers to security questions, those little passwords we often give over the phone to prove who we are. Banks and call centres frequently rely on these questions to verify identity, so the implications for fraud and identity theft were significant.
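To make the flaw described above concrete, here is an added illustration (not Nedbank’s code, and not based on any detail beyond what the article states): a signed login token that only proves “someone is logged in” sits beside one whose subject is checked against the profile being queried. The profile ids, questions and signing key are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

SECRET = b"constructed-demo-key"  # constructed for this example, not a real key

# Constructed sample data: profile id -> security questions (placeholders)
PROFILES = {
    "ID-0001": ["Mother's maiden name?", "First school?"],
    "ID-0002": ["Favourite teacher?", "First car?"],
}


def issue_token(subject: str) -> str:
    """Mint a token whose payload names the authenticated subject, HMAC-signed."""
    payload = base64.urlsafe_b64encode(json.dumps({"sub": subject}).encode()).decode()
    sig = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def verify_token(token: str) -> Optional[dict]:
    """Return the token's claims if the signature is valid, otherwise None."""
    try:
        payload, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))


def questions_unbound(token: str, profile_id: str) -> Optional[list]:
    """Weak pattern: the token shows the caller is logged in, but the profile id
    taken from the request is never compared with the token's subject, so any
    valid login can read any profile's questions."""
    if verify_token(token) is None:
        return None
    return PROFILES.get(profile_id)


def questions_bound(token: str, profile_id: str) -> Optional[list]:
    """Hardened pattern: an object-level authorization check. The requested
    profile must be the one the token was issued for; anything else is refused."""
    claims = verify_token(token)
    if claims is None or claims.get("sub") != profile_id:
        return None
    return PROFILES.get(profile_id)
```

A request for a profile other than the token’s own subject is exactly the condition a server should log and reject, which also makes the pattern easy to look for in access logs afterwards.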

Who discovered it and what happened next?

Enter Veer Gosai, a second-year computer science student at Stellenbosch University. Gosai uncovered the flaw and responsibly disclosed it at the end of March 2025. Nedbank moved swiftly, disabling the vulnerable system within ten days and launching a thorough investigation.

Nedbank assured the public that, after combing through the logs, there’s no sign that hackers exploited this weakness. The system is set to return in June 2025, boasting stronger security measures.

A bigger picture of security challenges

This isn’t the first time Gosai has played a key role in exposing critical vulnerabilities. Just last year, he and his classmate Joel Cedras revealed a massive loophole in the Social Relief of Distress (SRD) grant system managed by Sassa. Their investigation found identity theft and fraud were rampant due to multiple security failures, from lax verification by mobile operators to banks not properly checking applicant documents.

Their findings led to government briefings and prompted some corrective measures. Yet, not all vulnerabilities have been fixed, and the full scale of SRD fraud remains under investigation.

What this means for South Africans

South Africans are understandably concerned. Many took to social media expressing frustration over how personal information can be vulnerable despite living in a digital age. Others praised Gosai’s work, highlighting how vital young, local talent is to protecting the country’s digital future.

This episode sheds light on the ongoing challenge South Africa faces in balancing technological progress with robust cybersecurity. It also underscores the need for constant vigilance not just from banks and government agencies, but from every citizen.

Why you should care

Security questions might seem like a small detail, but they are often the first line of defence against identity theft and financial fraud. When those safeguards falter, the consequences can be devastating: drained bank accounts, ruined credit, and long legal battles.

Nedbank’s quick response offers some reassurance, but this story is a wake-up call. As digital services expand, so does the risk. Keeping our personal data safe requires all hands on deck: banks upgrading security, regulators enforcing standards, and users staying alert to suspicious activity.

Nedbank has promised enhanced protections when their credit service comes back online next year. Meanwhile, Gosai and other researchers will likely keep digging, making sure South Africa’s digital borders stay secure.

For now, the takeaway is clear: vigilance works, local talent matters, and the fight to protect our financial identities is far from over.

Source: MyBroadband
