South African IT firm Conor behind the leak of 1 million web browsing records

Over 890GB of browsing log data of all online activities of over 1 million users has been revealed due to an unencrypted database hailing from a web filter app built by Conor.
Written by Asha Barbaschow, Contributor

A database containing highly sensitive and private information and activity, including porn browsing history, has been exposed, with users in South Africa mostly affected.

The database, according to vpnMentor's research team, belonged to South African IT company Conor.

As the researchers detailed, daily logs of user activity by customers of ISPs using web filtering software built by Conor exposed all internet traffic and activity of these users, along with their personally identifying information.

The software was a web filter developed for ISP clients to restrict access to certain websites and types of online content.

See also: These are the worst hacks, cyberattacks, and data breaches of 2019

vpnMentor said its web scanner picked up the database on November 12. It was reportedly unsecured and unencrypted.

According to vpnMentor, over 890GB of data and over 1 million records were exposed.

vpnMentor said its team was able to view a user's activity on porn websites. It also said with usernames also exposed, locating a specific person on various social media platforms was easy.

"We viewed constantly updating user activity logs for the last two months from customers of numerous ISPs based in African and South American countries," the report details.

"We found entries from users viewing porn for example, as well as their social media accounts."

In addition to websites visited by users, vpnMentor's researchers were able to view the index names, which exposed daily activity; MSISDN, a global mobile communications subscription number; IP addresses; the duration of connection or visit to a website; the volume of data transferred per session; the full website URL; and if a website had been blocked by the filter or not.

The database also exposed how Conor's web filter worked and its rules for blocking content, with vpnMentor highlighting how this knowledge could be used to bypass the filter, making it ineffective and redundant.

According to the company's website, it has a presence in Chad, the Democratic Republic of the Congo, Gabon, Ghana, Kenya, Lesotho, Malawai, Namibia, South Africa, and Tanzania. In South America, its footprint extends to Bolivia, Colombia, and Venezuela. 

vpnMentor said its team viewed data entries from numerous mobile ISPs, such as Tshimedzwa Cellular and Flickswitch in South Africa, and MTN in Kenya. There were also entries from South American countries, such as Bolivia, it said.


Editorial standards