Get more Mail & Guardian
Subscribe or Login

Justice department denies links to Brazzers porn website

In some parts of the interwebs, there’s been a bit of chatter around South African government employees who are possibly browsing a porn forum while on the taxpayers’ clock. A huge data leak last week showed that employee email accounts from four government departments were used to subscribe to porn website, Brazzers.

The justice and correctional services department is just one of the government departments listed in the leak. Others include:

  • sars.gov.za (South African Revenue Service)
  • lda.gov.za (Limpopo Department of Agriculture and Rural Development)
  • hantam.gov.za (Hantam Municipality in the Northern Cape)

But despite the leak linking government employees to the website, the Ministry of Justice and Correctional Services denied that this was the case.

“It needs to be understood that visitors to this offending site need to register with an email address to gain access. During this process it is possible that any email address can be used. This information can even be falsified and does not necessarily depict a connection from either a DoJ&CD employee or infrastructure,” Advocate Mthunzi Mhaga, spokesperson for the justice and correctional services ministry, said.

The website Vigilante.pw notified media of the hack into the Brazzers website, where at least 790 724 unique email addresses and passwords of users from the site’s forum had been leaked. Vigilante.pw is a group that monitors when hacks happen, who is hacked, and the impact of the breach on the privacy of users.

An operator for the website told MyBroadband that the Brazzers leak contained 519 email addresses from South African domains.

“Most of these addresses are co.za. One was from an org.za domain, while four were from gov.za domains,” MyBroadband reported

The South African Revenue Services (Sars), the Limpopo Department of Agriculture and Rural Development and the Hantam municipality did not respond to questions from the Mail & Guardian at the time of publishing.

The justice department did, however, make it clear they have a strict IT “Acceptable Use Policy” which is meant to “set clear standards for acceptable and considerate use of IT systems and services”. Pornography, according to the department’s guidelines, qualifies as “unacceptable use”. Part of the department’s implementation of that policy includes a ban on pornographic websites at its offices.

“It should be noted that the offending sites cannot be accessed from any Department of Justice location as this, and similar sites, have been blocked. It also need to be understood that visitors to this offending site need to register with an email address to gain access,” Mhaga said.

The department also said that the keyword “brazzers” had not appeared in any subject line in the emails received in the department’s database.

While some users told Motherboard, Vice’s tech culture online magazine, that they had created unique email addresses and passwords to protect themselves as far as possible, the government employees who used their work email addresses to subscribe to the site have put more personal information at risk – like where they work. 

The hack was made easy because the website stores user passwords in plain text, rather than saving a representation of a password that is not its actual text format. If the website can email users their exact password, then it’s considered poor practice because it means hackers will be able to access the passwords when they breach the site.

Matt Stevens, Brazzers’ public relations manager, told Motherboard that the problem lied with a third party software used to manage the forums, rather than the Brazzers website itself.

“This matches an incident which occurred in 2012 with our ‘Brazzersforum,’ which was managed by a third party. The incident occurred because of a vulnerability in the said third party software, the ‘vBulletin’ software, and not Brazzers itself.” 

Stevens went on to add that only a “small portion” of users were exposed in the leak, but even users who didn’t use the forum had their information compromised.

The justice department said that should any of its employees be found to have breached its IT policy, disciplinary action will be taken.

Subscribe for R500/year

Thanks for enjoying the Mail & Guardian, we’re proud of our 36 year history, throughout which we have delivered to readers the most important, unbiased stories in South Africa. Good journalism costs, though, and right from our very first edition we’ve relied on reader subscriptions to protect our independence.

Digital subscribers get access to all of our award-winning journalism, including premium features, as well as exclusive events, newsletters, webinars and the cryptic crossword. Click here to find out how to join them and get a 57% discount in your first year.

Raeesa Pather
Raeesa Pather
Ra’eesa Pather is a Cape Town-based general news and features journalist.

Related stories

WELCOME TO YOUR M&G

If you’re reading this, you clearly have great taste

If you haven’t already, you can subscribe to the Mail & Guardian for less than the cost of a cup of coffee a week, and get more great reads.

Already a subscriber? Sign in here

Advertising

Subscribers only

South Africa’s mothballed ‘supermall-ification’ sets strip malls up for success

Analysts agree that the country has enough malls and that, post-Covid, the convenience of local centres lure customers

Mabuza’s Russian jaunts and the slippery consequences of medical tourism

For more than five years the deputy president has remained steadfast in his right to travel abroad to receive medical treatment

More top stories

Deputy president Mabuza begs Tshwane voters: ‘Don’t abandon the ANC’

Angry Atteridgeville residents hurl insults at ‘dysfunctional’ ANC full of ‘corrupt individuals’ as Mabuza fails to placate them with party T-shirts and doeks

Taxi operators clash with cops over disputed Route B97 in...

Three suspects remain in custody following their arrest on charges of attempted murder and assault after eight taxis were impounded

SA teens, you’re next in the queue for a vaccine...

Teenagers between the ages of 12 and 17 will be able to register to receive their Covid-19 jab from 20 October. This group will be given only one dose of the Pfizer vaccine, for now

Former US secretary of state Colin Powell dies aged 84

The 84-year-old died as a result of complications from Covid-19
Advertising

press releases

Loading latest Press Releases…
×