In what is one of the largest public leaks of its scale, political hackers have posted a database online that contains the personal information of almost 50m Turkish citizens.
The leaked database has more than 49.6m entries and is hosted by an Icelandic-based group that specialises in divulging leaks.
The 6.6GB file includes a trove of data and the entries include data such as national ID numbers, addresses, dates of birth, gender, ID registration cities and districts and names of parents.
Hosted on 185.100.87.84, a Finnish IP address, the 1.5GB compressed (6.6GB uncompressed) database was offered for download via P2P, and was streamed by more than 650 users, according to Softpedia.
While the information published by the hackers is no different from what exists on ID cards in Turkey, the publication of the data opens a considerable number of people up to potential ID fraud.
Politically-motivated attack
To prove the validity of the data, the hackers published the details of Turkey’s president Recep Tayyip Erdogan.
While the hackers didn’t have a name, the attack appears to be politically motivated.
They wrote: “Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?”
The hackers taunted the Turkish ruling establishment and its Islamist Justice and Development Party (AKP) government.
The hackers also criticised the way the data – ostensibly from a Turkish state server – was protected, highlighting that bit shifting isn’t encryption and indicating poor programming skills were at play.
They said: “Index your database. We had to fix your sloppy DB work.”
They added: “Putting a hardcoded password on the UI hardly does anything for security.”
Istanbul image via Shutterstock