DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Turkish Citizenship Database Leak (Update 2)

Posted on April 3, 2016 by Dissent

Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?

Seen online after a subsequently-deleted tweet called attention to it:

This paste with a link to a 6.6 GB file, purportedly containing clear-text information on 49,611,709 Turkish citizens, including the following details:

  • National Identifier (TC Kimlik No)
  • First Name
  • Last Name
  • Mother’s First Name
  • Father’s First Name
  • Gender
  • City of Birth
  • Date of Birth
  • ID Registration City and District
  • Full Address

An IP lookup places the IP in Iceland, with the owner as Flokinet Ehf, website: twistednetworks.net.
[UPDATE: a commenter points that the source I used was wrong:

First: the IP is located in Romania
Second: that twistednetworks.net has nothing to do with the hosting company Flokinet Ehf. It’s very obvious in the IP whois or even if you do a simple google search, that the host website is https://www.flokinet.is

Please check your facts carefully.

Weird… I’ll have to go back to figure out which lookup site I used that was so wrong, but thanks!

The hackers left a terse message:

Lesson to learn for Turkey:

  • Bit shifting isn’t encryption.
  • Index your database. We had to fix your sloppy DB work.
  • Putting a hardcoded password on the UI hardly does anything for security.
  • Do something about Erdogan! He is destroying your country beyond recognition.

Lessons for the US? We really shouldn’t elect Trump, that guy sounds like he knows even less about running a country than Erdogan does.

 The paste also contained the personal information on Erdogan and Davutoglu, which DataBreaches.net is not reproducing here.
DataBreaches.net did not download the massive database, and it’s not yet clear if these are old data from 2009 from a previous breach, a possibility raised by coverage of another leak noted on Daily Dot in February. If anyone can confirm whether these are old data or new data, please let me know.

Update: Turkish minister calls massive data leak report an ‘old story’:

Turkey’s communications minister has denied reports of a massive data leak containing the personal information of nearly 50 million Turkish citizens, saying the leak was an “old story” from 2010, as allegations triggered concerns over personal data protection.

“This is a very old story. A similar allegation was made in 2010,” Turkish Transportation, Communication and Maritime Affairs Minister Binali Yıldırım told reporters during a meeting with board members of the Turkish World Union of Engineers and Architects (TDMMB) on April 5.

Denied reports? “Similar allegation?” Is he saying that the data are fake or just that it’s an old leak and not new data? The reporters could have done a better job on questioning and follow-up here, but it seems that my suspicion that this was an old leak was correct.

Update: as more info comes out, it seems that yes, these are not new data, but then why didn’t the government ever investigate this leak before? Media (including this site) reported this leak more than one year ago.

Update2: Turkey’s election authority says the leak was not from their system, but the data appear to be data they had shared with others. So one down (if they’re telling the truth), and a bunch of other entities to check with.

Category: Breach IncidentsExposureGovernment SectorHackNon-U.S.

Post navigation

← The Panama Papers
This student put 50 million stolen research articles online. And they’re free. →

31 thoughts on “Turkish Citizenship Database Leak (Update 2)”

  1. Hendrik says:
    April 4, 2016 at 6:26 am

    did anyone verify that dataset yet?

    1. no name:) says:
      April 4, 2016 at 10:25 am

      I can verify as a turkish person, its 100% true. My mom’s identify is correct. There is no info about me cuz i wasn’t 18 on 2009.

      1. Dissent says:
        April 4, 2016 at 8:03 pm

        So this is data from 2009?

        1. Leaked Turkish says:
          April 5, 2016 at 4:55 pm

          yep, it’s from 2009, this db leaked 2 times before (in this year and a few years ago) as encyripted. Encyripted version can be use with its Delphi written program named Sorgu.exe
          Someone decyripted the table and leaked it 3. time.

    2. Anonymous says:
      April 6, 2016 at 5:53 pm

      i can definetly verify too. mine, my mom’s my bf’s, my boss’ are correct too…

  2. kør says:
    April 4, 2016 at 9:34 pm

    Looks like old data to me. The entry I checked is at least a couple of years old.

  3. Zzz says:
    April 4, 2016 at 10:32 pm

    How can we reach the data

    1. Biri says:
      April 7, 2016 at 6:18 pm

      https://thanksgiving.who.ec

      1. Anonymous says:
        April 8, 2016 at 1:31 am

        Please take this off!

  4. Ata says:
    April 5, 2016 at 3:10 am

    phising 😉

    1. Dissent says:
      April 5, 2016 at 9:40 am

      Do you have specific knowledge that phishing was used or are you guessing? If you have specific knowledge or proof, please contact me via encrypted email or contact me on Wickr at pwr2016.

  5. a says:
    April 5, 2016 at 7:33 am

    if u are interested in the database: [deleted]

    1. Dissent says:
      April 5, 2016 at 7:46 am

      There’s already a link to the paste in the story, and I try to avoid links in comments, as later on, they can become malicious, etc.

  6. John Doe says:
    April 5, 2016 at 8:25 am

    > An IP lookup places the IP in Iceland, with the owner as Flokinet Ehf, website: twistednetworks.net.

    Not sure what IP whois tool are you using, but it must be one of the crappiest ever.
    First: the IP is located in Romania
    Second: that twistednetworks.net has nothing to do with the hosting company Flokinet Ehf. It’s very obvious in the IP whois or even if you do a simple google search, that the host website is https://www.flokinet.is

    Please check your facts carefully.

    1. Dissent says:
      April 5, 2016 at 8:36 am

      Noooo idea how that happened, and I’ll try to find the site again because those were the results from that site, but thanks for pointing out the error. Have corrected the post now.

      1. John Doe says:
        April 5, 2016 at 9:01 am

        thumbs up for correcting it so quickly 🙂

        1. Dissent says:
          April 5, 2016 at 9:37 am

          I know I will make mistakes on this blog, although to be wrong on an IP lookup after 17 years of looking up IP addresses is somewhat astonishing. But yeah, I will always issue a correction if an error is pointed out to me. No silent deletes, either. Public self-flogging is in order when I screw up. 🙂

  7. nope says:
    April 5, 2016 at 12:33 pm

    Data is correct but somehow old – this does not change fixed information like parent’s name or national ID
    The one who let hackers got this should do a suicide
    But they won’t even quit their jobs

    1. Dissent says:
      April 5, 2016 at 1:25 pm

      Attempts by the govt to minimize the public leak by declaring it an “old story” or “old allegations” are despicable. Even if it is an old hack, identity info doesn’t change (as you note), and making this all publicly available puts people at risk. Whether a fuller database was ever for sale on some forum or not, more people are now seeing it, able to access it conveniently, and misuse it.

  8. kør says:
    April 5, 2016 at 5:05 pm

    The data is, as far as we got with our research, no older than 2008 but not newer than 2012. We will look further.

    1. kør says:
      April 5, 2016 at 5:16 pm

      2008 – 2011 …I don’t know if we get it any better. We checked the records of more than 10 different people from all big cities for their topicality.

      1. Dissent says:
        April 5, 2016 at 5:27 pm

        If there are data from 2011, that would mean that it’s not the previously leaked data. The commenter “noname :)” says his data weren’t in there as he hadn’t turned 18 by 2009. If 2010, 2011 data were in there, he should have found himself. Hmmm…

        1. kør says:
          April 5, 2016 at 5:39 pm

          No that is not what I said. We found data that would be valid inbetween 2008 and 2011. So it cannot be older than 2008 but also not newer than 2011. 2009 is plausible here.

          1. Dissent says:
            April 5, 2016 at 6:10 pm

            Ah, ok, I misunderstood, I guess. Thanks for clarifying.

  9. someone says:
    April 5, 2016 at 10:10 pm

    It’s a shame for Turkey that (Turkish Transportation, Communication and Maritime Affairs) Minister still sits on that chair and yet to resign.

    This is total weakness and not fit for the job if most important personal public information is somehow (?) leaked.

    Having said that, even if the data is very very old, everyone who can read this, knows this data belongs roughly 2009. Population of Turkey was 72.561.312 in 2009 and it was 78.741.053 last year (url to Wikipedia deleted). Change is 6 million since then. This makes that data is valid and accurate at least 92.5% accurate and correct !

  10. Anonymous says:
    April 6, 2016 at 8:07 am

    site name??? or ip

    1. Dissent says:
      April 6, 2016 at 8:33 am

      Did you look at the paste or link to it? It’s in the story.

  11. Özdemir says:
    April 6, 2016 at 8:28 pm

    Fuck 🙁

  12. Özdemir says:
    April 6, 2016 at 8:36 pm

    I live in Turkey and this has all the correct credentials. These are the information of the people who have voted.

    1. Dissent says:
      April 6, 2016 at 9:27 pm

      According to your govt, this is not a new leak. So where was the public outcry and investigation back in 2010 and 2015? Did the general public not know about this all then? I had covered some of it in 2010 here: http://www.databreaches.net/15-released-pending-trial-in-massive-id-theft-in-turkey/ and more than one year ago here: http://www.databreaches.net/weak-state-servers-breach-causes-mass-identity-theft-in-turkey-over-50-million-citizens-identity-info-stolen/

      So why are the Turkish people finding this so shocking now?

      1. uluyanboga says:
        April 7, 2016 at 8:31 am

        Its an old story. The reason why the public is so shocked about this info is now they can easily seach and find their info. At 2010 this database was released in corrupted sql form. You have to fix it and to make it searchable you should know sql language. So not many people can do this. And ofcouse meantime the goverment is very good at fogging, hiding info such as this one. In such cases the government creates news for public to direct their attention to another point. Now the database is indexed and served to people in easily searchable , understandable interface such as https://thanksgiving.who.ec/ . Public enters the website seaches themselves and gets shocked. The difference after six years is UI.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Iranian Man Pleaded Guilty to Role in Robbinhood Ransomware
  • Developments surrounding data breach at Dutch police
  • Estonia launches international search for Moroccan citizen wanted over data theft
  • Now it’s Tiffany: Another LVMH luxury brand hit by hackers
  • Dutch Government: More forms of espionage to be a criminal offence from 15 May onwards
  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)
  • Private Industry Notification: Silent Ransom Group Targeting Law Firms
  • Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated
  • PA: York County alerts residents of potential data breach
  • FTC Finalizes Order with GoDaddy over Data Security Failures

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.