Personal details of 50 million Turkish citizens leaked online by hackers
Hackers claim to have hacked a database that reportedly contains the personal information of nearly 50 million Turkish citizens, including that of the country’s President, Recep Tayyip Erdogan, and have posted those details online in a huge security breach.
If confirmed, the leak would become one of the largest privacy breaches, by number of records, ever.
The database comprising of 49,611,709 documents was posted on the website of an Icelandic group that specializes in exposing leaks on Monday, thereby putting people at risk of fraud and identity theft. Details include national ID numbers, addresses, birthdates and parents’ names.
Hosted on 220.127.116.11, a Finish IP address, the 1.5GB compressed (6.6GB uncompressed) database was offered for download to anyone who is interested via P2P, which was streamed by more than 650 users.
On the other hand, the Associated Press on Monday was able to partially confirm the validity of the leak by running 10 non-public Turkish ID numbers against names contained in the dump. Eight were a match.
The data leak came with the message: “Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?”
The hackers pointed out to the lessons to be learned by Turkey. Firstly, they said: “Bit shifting isn’t encryption,” alluding to the fact that the data was improperly protected.
The second was “Index your database. We had to fix your sloppy DB work.” Non-indexed databases are a sign of poor programming skills, and should, in theory, explain why encryption wasn’t used to protect sensitive information.
Thirdly, the hackers also disclosed how they got in: “Putting a hardcoded password on the UI hardly does anything for security.” Although, they did not specify in what UI.
The last lesson was a double political message, one for Turkey, and one for the US. First, the hackers said “Do something about Erdogan! He is destroying your country beyond recognition,” while also adding “We really shouldn’t elect Trump, that guy sounds like he knows even less about running a country than Erdogan does.”
The Turkish government is not alone in facing a major breach in an era where hackers regularly gain access to sensitive information.
Jacob Applebaum, an American computer security specialist and hacker based in Berlin, said the recent leak could create a major breach for the Turkish authorities, referring to last year’s hacking of the United States Office of Personnel Management database, which is believed to have compromised the records of 18 million people.
“If this is really what it claims, I think it is one of the largest security/PII breaches since the #OPM hack,” he wrote on Twitter.