(1) An unused sub-site on the Government Communication and Information System website that housed a redundant contact database was hacked exploiting an SQL injection vulnerability.
(a) No restricted area of the website was accessed. All the information on the sub-site database is public information and the log files of the content management system (CMS) of the sub-site database indicate that none of the exposed user information was used to log onto the CMS before the vulnerability was closed.
(b) No data was lost.
(c) The vulnerability was removed, all redundant accounts on the user table were locked and active accounts were reset.
(2) The Department’s website and the websites of the entities reporting to it have not been hacked over the past 12 months.
MR DONALD LIPHOKO
DIRECTOR GENERAL [ACTING]
GOVERNMENT COMMUNICATION AND INFORMATION SYSTEM
DATE:
MR NN MUNZHELELE
DIRECTOR GENERAL [ACTING]
DEPARTMENT OF COMMUNICATIONS
DATE:
MS AF MUTHAMBI (MP)
MINISTER OF COMMUNICATIONS
DATE