ShellCodeX Breach Report
Ster-Kinekor Data Breach
sterkinekor.co.za
Verified breach
Passwords exposed
Accounts exposed
1,619,544
Breach date
09 Mar 2017
Added to tracker
13 Mar 2017
Data classes
8
What happened
In 2016, the South African cinema company Ster-Kinekor had a security flaw which leaked a large amount of customer data via an enumeration vulnerability in the API of their old website. Whilst more than 6 million accounts were leaked by the flaw, the exposed data only contained 1.6 million unique email addresses. The data also included extensive personal information such as names, addresses, birthdates, genders and plain text passwords.
Exposed data
Dates of birth
Email addresses
Genders
Names
Passwords
Phone numbers
Physical addresses
Spoken languages
Recommended actions
- Change your Ster-Kinekor password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Ster-Kinekor โ attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Exposed identity data raises identity-theft risk โ consider credit monitoring or a credit freeze.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP