According to a recent report from MyBroadBand, more than 27,000 Showmax account usernames and passwords have been exposed online. While MultiChoice, the parent company of Showmax, has not yet provided details on how the attackers obtained this data, they have acknowledged the attack assuring that their cybersecurity team is actively addressing the situation.
According to a blog post the company said;
Showmax was recently made aware of an external incident where an unknown party published a small number of subscriber login details on an illicit website…As soon as we were notified about this, our cybersecurity team initiated an investigation to assess the scope and nature of the incident.
Showmax
As highlighted in the MyBroadBand report, a thorough analysis of the leaked file indicates that it consists of 27,911 lines, with each line containing an email address serving as a username. However, it is worth noting that the initial 100 or so lines appear to contain incomplete or truncated records.
Upon initial examination, it seems that the leak may have occurred due to credential harvesting through a brute-force attack, as a significant number of the passwords identified were deemed weak in nature. A brute force attack is when hackers use trial-and-error to guess login info, encryption keys, or hidden personal details.
“Our initial investigation showed that some of our customers’ emails and passwords were compromised,” the Showmax blog post further stated.
This is coming a year after Vulners highlighted a concerning issue regarding Showmax’s authentication and password recovery pages. According to their report, Showmax was found to lack rate-limiting measures. This vulnerability could potentially expose the platform and its users by allowing malicious actors to carry out brute-force attacks.
Read Also: Confidence Staveley becomes first Nigerian finalist of Cybersecurity Woman of the Year Award
Showmax in a continent with low cybersecurity
The WSIS Forum 2023 report highlighted an ECA 2022 report, revealing that African cybersecurity is comparatively underdeveloped compared to other regions. This vulnerability exposes the continent to an increased risk of cyberattacks, particularly concerning as the African digital market is projected to reach a substantial USD 712 billion by 2050.
A comprehensive study conducted by Kaspersky in 2023 also revealed that a staggering 47% of systems in Africa encountered attempted malware attacks within the past year. Moreover, Checkpoint Research’s report documented an alarming average of 1,875 cyberattacks per week on African territory during the last quarter of 2022, surpassing other regions worldwide.
The results of these findings underscore the urgent need to address the significant lack of cybersecurity knowledge within the African population. It is also concerning to observe that African countries generally have inadequate disclosure policies, practices, and enforcement measures when it comes to cybersecurity.
However, when hackers successfully breach user data from streaming platforms, several consequences can occur. Some of the many reasons are:
- Unauthorized access: This Showmax breach can compromise the privacy and security of the affected users’ accounts, giving access to their personal information including email addresses and passwords. This could also lead to potential misuse of their subscription and a hijacking of these users’ accounts.
- Data thefts: Although Showmax reported that customers financial information has not been tampered with, user data obtained can still be sold on the dark web or used for identity theft which can lead to phishing attempts or other forms of cybercrime targeting the affected users.
- Credential Stuffing Attacks: According to Comparitech, almost two-thirds of people use the same password across multiple accounts. With this data breach, the impact can extend beyond Showmax itself. Many people tend to reuse passwords across multiple online platforms, which means that if their Showmax password is leaked, it may also provide unauthorized access to their other accounts, such as email, social media, or banking.
- Reputation Damage: Streaming platforms may suffer reputational damage due to security breaches. Users may lose trust in the platform’s ability to protect their data, leading to a loss of subscribers and negative publicity.
How to protect yourself from data breaches and cyberthreats
Well, if a company experienced data breaches, you still might fall victim because your data are stored with them. But nevertheless, there are steps you can take to protect yourself from situations, and take precautions and actions to quickly detect and respond to any suspicious activity.
- Use Strong and Unique Passwords: Brute force attacks are very common as they are frequently attempted by cyber attackers. So, it is important to create strong, complex passwords for each online account. It might be difficult to remember all the passwords but as much as possible, avoid using common passwords or reusing passwords across multiple platforms. You could opt for a reliable password manager to securely store and manage your passwords.
- Enable Two-Factor Authentication (2FA): Two Factor Authentication, or 2FA, is like an extra layer of protection used to ensure the security of online accounts. Try as much as possible to enable 2FA whenever available.
- Be Conscious of Phishing Attempts: Clicking suspicious ads, emails, and links should be avoided. Try to verify the legitimacy of all of these before clicking or even downloading attachments from untrusted sources.
- Use Secure Wi-Fi Networks: Do you know that hackers can get your data from Wi-Fi networks? Avoid using public or unsecured Wi-Fi networks for sensitive activities like online banking or accessing personal accounts. If possible, use virtual private networks (VPNs) to encrypt your internet traffic. This will also enhance security.
- Educate Yourself: If you can spend as much time as you spend online learning and stay informed about the latest cybersecurity best practices and trends, you might just be able to understand and recognize common attack techniques, such as phishing or social engineering, etc.
This Showmax incident has further highlighted the importance of the African audience imbibing cybersecurity knowledge and understanding the significance of strong, unique passwords and the need to regularly update them.
Showmax however assured its customers of their security and privacy. According to the streaming company:
Protecting the security and privacy of our customers is our top priority. We want to emphasize that this was an external incident and that there was no breach of Showmax’s databases. We strictly adhere to privacy regulations and are committed to improving our security measures to protect our customers’ valuable information. Rest assured that we are taking all necessary steps to ensure the continued safety of your data. We will keep you updated on any developments.
Read Also: Top cybersecurity predictions for African businesses in 2023, according to experts