The personal details of approximately 82 million Turkish citizens have been leaked and posted online, posing serious risk to nearly the entire population of the country.
If proven to be legitimate, this breach could be one of the largest in history. The leak was shared on BreachForums, a crime forum on the dark web, by the user “vavadetr” last Sunday.
The breach has exposed sensitive information, including full names, home addresses, citizenship numbers, tax numbers, and dates of birth.
The dataset is provided in the form of a MySQL database and consists of 82,322,190 lines. Each line represents a citizen in the table.
With Turkey's population currently standing at 86,275,055 according to Worldometer, it's important to note that this leak has the potential to impact a significant majority of the country's population, estimated at around 95%.
This breach is one of the most significant in the country's history, surpassing a previous data breach involving around 50 million citizens in April of 2016.
The previous breach which was downplayed by the government, as it was claimed to involve data from 2010, a time when Turkey's population was significantly smaller. However, the current leak cannot be minimized in the same way.
Turkey's population only surpassed 82 million in 2019, meaning that this data must be more recent and cannot be dismissed as outdated information.
The origin of this leak is still uncertain, and there are suspicions that the data might have been obtained from a Turkish government portal, similar to previous occurrences.
The absence of prompt detection within the two recent leaks indicates a notable vulnerability within the governmental systems.
With this data, cybercriminals now have access to a vast amount of information that can be used for various malicious purposes, such as identity theft, fraud, and phishing attacks.
This leaked data puts the affected individuals at a heightened risk of these threats due to its sensitive nature.
Subscribe to our newsletter
However, the legitimacy of this leak is uncertain due to the massive amount of data involved. With 82 million lines of pure data, it is nearly impossible to verify its accuracy in one sitting.
However, considering the recent leak a few months ago that was verified, it seems likely that this is an additional piece of information that was previously leaked.
Update: Users on Reddit also noted that there was a more significant breach. In November 2022, the Turkish Citizens Health Database “Halk Sağlığı Yönetim Sistemi” (HSYS) (hsys.saglik.gov.tr) experienced a data breach that affected over 100 million citizens.
The attack resulted in the unauthorized access to personal information, such as full names, dates of birth, general location (city and district), parents' names, and parents' ID numbers.
The previous breach's extent was significant, but it did not receive much attention from local and global news outlets.
The 50M-person leak mentioned in the article surfaced in 2016. The claim that it happened a few months ago is clearly wrong. There is HSYS database leak, but not only that it’s smaller it happened a few years ago.
I appreciate you bringing that to my attention, truly. It seems that a leak involving 50 million people did indeed come to light in 2016. It just so happen that the version I came across has been altered to appear as if it was published in 2024, with the translations making it difficult to understand. Regarding the HSYS database leak 2 years ago, it contained a different dataset, though it did occur. Sorry for the obvious mistake, the article has been corrected.