South Africa’s Adumo allegedly breached with 15,456 files up for sale on dark web

Mubarak Bankole

Adumo, one of South Africa’s largest payment processors handling over R100 billion in annual transactions, has allegedly suffered a cybersecurity breach, with a threat actor offering stolen internal data for sale on a dark web forum.

The stolen data includes 15,456 files (14GB) of sensitive information, reportedly priced at R114,000 (approximately $6,950). It allegedly contains several versions of virtual card application installers, Adumo’s transaction processing system, and key components of their payment system used with DataSmith retail management software.

The listing also claims to have source code related to card operations, including activation, allocation, debit, and refund processes, as well as complete source code detailing how Adumo’s card machines work.


Adumo acknowledged the reports when contacted by MyBroadband. “Adumo is aware of information circulating online and is conducting an internal investigation to verify its source and scope,” the company said.

“Our initial assessment indicates that the material referenced is routinely shared with external partners and does not include customer data.” A follow-up statement added that the alleged sale “does not impact Adumo’s business operations.”

Security experts note that exposure of partner-shared internal systems on dark web forums can still increase attack risk. Cybercriminals can buy this information and analyze it to identify potential system vulnerabilities.

They can then plan more complex attacks at their own pace, with no time pressure and a strong financial incentive.


Security implications of exposed Adumo source code

Cloud security firm Wiz has previously warned that leaked source code can cause serious security problems and the loss of valuable intellectual property. If the code that runs a payment system is revealed, hackers gain a detailed understanding of how transactions work, where security checks are performed, and potential weaknesses.

In Adumo’s situation, the reported breach involves their complete set of InnerEdge Docker Images, which are essential to their main processing system.

History shows us how serious this can be. For example, in May 2020, the source code for Microsoft’s Windows 10 was leaked online. This immediately caused worry that hackers could find weaknesses to exploit. A payment processor could face even more direct and serious consequences from a similar leak.


The alleged breach is believed to have occurred at a particularly vulnerable time for South African financial institutions. Just last week, Standard Bank experienced a separate security incident where a threat actor allegedly stole 1.2TB of company and customer data from its internal systems.


This data extraction reportedly went undetected for three weeks. Standard Bank maintains that its core systems are secure, but has acknowledged that some credit card information was released online and has promised to directly notify impacted customers.

In 2024, Lesaka Technologies, which is listed on the Nasdaq stock exchange, bought Adumo for $96.2 million. Adumo has not yet provided details about the extent of the reported data breach or announced when its internal investigation will be finished.

