De Jager said they bought the information to track down potential clients who might want to sell their houses.

“If we arrive at house and a tenant tells us that he knows the owner wants to sell the house‚ we ask them who the owner is. They often do not know who the owner is. We then go and extract that specific property’s information based on the address to get the owner’s information.”

Dracore CEO Chantelle Fraser said they were not responsible for publishing the information and had no kowledge of how external companies used the information.

The personal information that was published could be used for crimes like identity theft.

Dr Jabu Mtsweni‚ cybersecurity expert at the Council for Scientific and Industrial Research (CSIR) said this information could also be sold on the internet to the highest bidder.

“People who want to clone my identity. They don’t necessarily need my ID number. I don’t need to lose my ID number … This information can also be used by criminals to actually try and authenticate themselves as yourself over the phone.”

Professor Basie von Solms‚ director of the Centre for Cyber Security at the University of Johannesburg‚ said cyber criminals could use the information in this breach to obtain credit.

“With enough personal information‚ one can do damage to a person by illegally opening credit accounts or make bookings. It is an extremely big risk. The great risk is to the individual whose data has been breached.”

South Africans were alerted to the leak by Troy Hunt‚ an Australian web security expert‚ who first tweeted about it on Tuesday.

Hunt said “it’s crazy”‚ because it lists “almost every living person” in South Africa.

“Every person that I have checked that sent me their ID number‚ I have found a record for. That is very concerning.”

Von Solms noted South Africans were not out of the woods‚ because Hunt and others could have made back-ups of the information.

Hunt received the information earlier this year‚ but he only got around to checking it earlier this week. He often receives information from various sources‚ because he created HaveIBeenPwnd.com‚ a website where you can check if your information has been compromised in any data breaches against about 4.8 billion records.“Fortunately these are people [sharing the information] who have a very ethical intent.”

– Additional reporting by Ernest Mabuza