The leaked database of detailed identity information previously circulated in the criminal underground
Hackers have posted a database that they say contains personal information on 49 million Turkish citizens, along with comments indicating a political motivation for the move.
The database, if authentic, would effectively put two-thirds of Turkey’s population at risk of fraud and identity theft, and would represent one of the biggest personal information breaches yet seen.
The Associated Press said on Monday it had partially verified the database as authentic, while Hamburg-based investigative journalist Sebastian Mondial also said in a Twitter post that he had authenticated some of the data.
People analysing the information said it appears to have been stolen in 2009 at the latest, suggesting that it is sourced from a stolen database previously reported to have circulated in the criminal underground, and which was posted by a British hacker in an encoded form earlier this year.
The data has, however, never been made public as an easily readable text file until now.
Apparently originating from Turkey’s national citizenship database, it contains details including national ID numbers, full names and parents’ names, addresses and dates of birth. In their message, the hackers excerpted the entries for Turkish president Recep Tayyip Erdoğan , former president Abdullah Gül and current prime minister Ahmet Davutoğlu.
The 6.6GB file is apparently hosted by an Icelandic group that specialises in facilitating leaks and is using servers based in Romania, according to AP.
Identity theft risk
In Turkey individuals’ national identity numbers are used to access government services including taxation, voting, education, social security, health care and military recruitment, and are used to verify identity for banking and other services.
Along with the file, the hackers released a message critical of Turkey’s government, stating that “backwards ideologies, cronyism and rising religious extremism” had led to a “crumbling and vulnerable technical infrastructure” in the country. The message continued with criticism of the security protecting the citizenship database and concluded with messages critical of Erdoğan and US presidential contestant Donald Trump.
“That guy sounds like he knows even less about running a country than Erdoğan does,” the hackers stated.
The message’s wording suggested the hackers were American, but industry observers speculated that this is likely to be misdirection.
The data appears to be identical with that leaked in a 2009 attack, and which Turkish daily Hürriyet reported in 2010 was being sold by criminals for around £140.
Until now, however, the data appears to have existed only in versions that were either encrypted or accessible only using specialised software, as was the case with a version published in February by a hacker associated with Anonymous.
The latest post is the first to present the data in clear-text form, making it easily readable and searchable, according to Eren Türkay, an Istanbul-based systems engineer. Türkay said he had verified the data of his friends and family, but confirmed in a Twitter post that the information appeared to date from 2009 at the latest.
Türkay and others speculated that the data listed voters in Turkey’s 2009 elections. “My theory is still that it is an old leak from the general elections,” he wrote on Twitter, noting that about 49 million people voted at that time.
A 2013 report in Turkish media cited Bekir Ağırdır, the general manager of KONDA, a prominent political consultancy, as suggesting that the data had originally been stolen by Russian hackers.
Are you a security pro? Try our quiz!