A database allegedly containing details of up to half of Turkey’s population has been posted online making nearly fifty million people vulnerable to privacy violation and identity theft.
The Guardian reports:
The database, which has not been verified as authentic, was posted to a server apparently hosted in Romania on Monday with an introduction reading “Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?”
BYPASS THE CENSORS
Sign up to get unfiltered news delivered straight to your inbox.
You can unsubscribe any time. By subscribing you agree to our Terms of Use
As well as the national ID numbers for all of the entrants in the system, it also contains a large amount of other personal information, including full name and parents’ names, full address, and date of birth. Specifically excerpted from the full dump are what appear to be the specific information of the current president of Turkey, Recep Tayyip Erdoğan, his predecessor, Abdullah Gül, and the current prime minister, Ahmet Davutoğlu.
Alongside the full database, the site hosting the dump also contains some “lessons to learn” for Turkey, hinting at how the data was stolen. The lessons include: “Bit shifting isn’t encryption”, “Index your database. We had to fix your sloppy DB work”, and “Putting a hardcoded password on the UI hardly does anything for security”. The advice suggests that the database itself was shoddily secured, with little effective security to keep whoever accessed it from exfiltrating the entire dump.
The final lesson comes from a different angle, warning Turks: “Do something about Erdoğan! He is destroying your country beyond recognition.” The suggestion that the hacker isn’t themselves Turkish is backed up in another statement, which gives “lessons” to Americans: “We really shouldn’t elect Trump, that guy sounds like he knows even less about running a country than Erdoğan does.”
