CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?



50 million PII Records of Turkish Citizens Posted Online

Hackers have dumped a database apparently containing personal details of almost 50 million Turkish citizens. The details were posted to an Icelandic organization that specializes in such data dumps. According to SecurityWeek’s research, the server is hosted in Bucharest, Romania.

Hackers have dumped a database apparently containing personal details of almost 50 million Turkish citizens. The details were posted to an Icelandic organization that specializes in such data dumps. According to SecurityWeek’s research, the server is hosted in Bucharest, Romania.

Most commentators believe that the data is genuine, although there is some suggestion that it is not entirely new. Jacob Appelbaum commented on Twitter that if genuine, it would represent one of the largest breaches since the massive Office of Personnel Management (OPM) breach. The subsequent Twitter thread indicates that the data may come from the Turkish citizens who voted in the 2009 elections. 

Personal details within the data include the Turkish National Identifier, name and address, parents’ first names, sex and age.

While the data leaked may not be incredibly sensitive, the reality it that simple matching of this data with either guessed or otherwise acquired email addresses will lay 49,611,709 people open to phishing, spear-phishing, scamming and identity theft.

“We have received information, that the bad actors on “Dream Market,” where previous data leaks were sold (such as from TheNeoBoss on hacked porn networks), had placed the decrypted database of Turkish National Police there some days ago,” Andrew Komarov, chief intelligence officer at InfoArmor, told SecurityWeek. 

It is largely assumed that the motive for the dump is political. Many groups both within and outside of Turkey, including Anonymous, have declared cyber war against the Turkish government.

“Previously, this database was published at with hashed data, but it looks like some bad actors are looking for the data from this region and that’s why they have invested some efforts in cracking it,” Komarov said.

“[At] the same time, the same rounds of bad actors were actively discussing Turkey’s national database, but without any clear details or estimated price. Turkey is definitely very specific region, having many geopolitical overlaps, that’s why absolutely different bad actors by motivation and ideology may target it,” he continued.

Advertisement. Scroll to continue reading.

However, the hackers’ message accompanying the data dump seems to be more to ridicule the government than to attack it politically.

“Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?” say the hackers.

The hackers then offer four lessons that Turkey should learn: ‘bit-shifting isn’t encryption’; ‘we had to improve your sloppy DB work’; ‘don’t put a hardcoded password on the UI’, and finally, ‘get rid of Erdogan’ (the Turkish President).

But while dumping the data might be political, that doesn’t mean the original reason for the hack was political. We don’t know how long the hackers had the database before going public, nor do we know how many bad actors now have all of this personal data. While the dump might be political, the hack might have been simply financially-motivated criminality.

As Robert Capps, VP of Business Development at NuData Security, comments, “The real collateral damage will be to the millions of Turkish citizens who have had their identity compromised. In most cases, the most common result of such a breach is fraudulent account creation or existing consumer account takeover, something we have seen borne out year after year among our clients. Of the last billion account creations we analyzed, more than 50% were identified as illegitimate and/or fraudulent. With the level of information released in the recent Turkish breach, criminals have solid profiles on individuals that can be used to create new bank accounts, access existing accounts, or acquire false Government issued identification documents in order to perpetuate all manners of maleficence, including financial crimes and terrorism.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...