Nearly Entire Population of Turkey Hit by Alleged Data Breach

A massive data breach has exposed the personal details of approximately 82 million Turkish citizens, putting nearly the entire population at risk.

By Marco Rizal - Editor, Journalist 4 Min Read
Share this post?
Share this post?

A massive data breach has exposed the personal details of approximately 82 million Turkish citizens, putting nearly the entire population at risk.

The personal details of approximately 82 million Turkish citizens have been leaked and posted online, posing serious risk to nearly the entire population of the country.

If proven to be legitimate, this breach could be one of the largest in history. The leak was shared on BreachForums, a crime forum on the dark web, by the user “vavadetr” last Sunday.

The breach has exposed sensitive information, including full names, home addresses, citizenship numbers, tax numbers, and dates of birth.

The dataset is provided in the form of a MySQL database and consists of 82,322,190 lines. Each line represents a citizen in the table.

With Turkey's population currently standing at 86,275,055 according to Worldometer, it's important to note that this leak has the potential to impact a significant majority of the country's population, estimated at around 95%.

This breach is one of the most significant in the country's history, surpassing a previous data breach involving around 50 million citizens in April of 2016.

The previous breach which was downplayed by the government, as it was claimed to involve data from 2010, a time when Turkey's population was significantly smaller. However, the current leak cannot be minimized in the same way.

Turkey's population only surpassed 82 million in 2019, meaning that this data must be more recent and cannot be dismissed as outdated information.

Turkey Data Leak
MySQL database of Turkish citizens shared by threat actor in (Blurred for privacy)

The origin of this leak is still uncertain, and there are suspicions that the data might have been obtained from a Turkish government portal, similar to previous occurrences.

The absence of prompt detection within the two recent leaks indicates a notable vulnerability within the governmental systems.

With this data, cybercriminals now have access to a vast amount of information that can be used for various malicious purposes, such as identity theft, fraud, and phishing attacks.

This leaked data puts the affected individuals at a heightened risk of these threats due to its sensitive nature.

However, the legitimacy of this leak is uncertain due to the massive amount of data involved. With 82 million lines of pure data, it is nearly impossible to verify its accuracy in one sitting.

However, considering the recent leak a few months ago that was verified, it seems likely that this is an additional piece of information that was previously leaked.

Update: Users on Reddit also noted that there was a more significant breach. In November 2022, the Turkish Citizens Health Database “Halk Sağlığı Yönetim Sistemi” (HSYS) (hsys.saglik.gov.tr) experienced a data breach that affected over 100 million citizens.

The attack resulted in the unauthorized access to personal information, such as full names, dates of birth, general location (city and district), parents' names, and parents' ID numbers.

The previous breach's extent was significant, but it did not receive much attention from local and global news outlets.

2 Comments