Newsflash: Mission impossible? Hacking a country and obtaining its citizens database…

Have you ever imagined what would happen if a database was leaked containing all the personal data of all the citizens of an entire country?

Today was the day that this happened (at least, hackers claim that it has happened, it’s not confirmed by the Turkish government itself). Personal data of more than 49 million Turkish citizens leaked on to the internet, viewable for everyone (I’m not going to link to it but it should be pretty easy to find when searching Twitter). The database contains personal data like for example, someone’s full address and National Identifier.

The entire list of leaked personal data:

  1. National Identifier (TC Kimlik No)
  2. First Name
  3. Last Name
  4. Mother’s First Name
  5. Father’s First Name
  6. Gender
  7. City of Birth
  8. Date of Birth
  9. ID Registration City and District
  10. Full Address

What happened?

The hackers mentioned the following at their “website”:

“Putting a hardcoded password on the UI hardly does anything for security.”

Which probably means that the hackers found a password in the html source of the website (want to check? right-click -> view-source)

How old is this data, and where did they get it?

The data seems to be from somewhere between 2007 and 2009. It might be the leaked data from a hack in 2010. That year there was a news article about a “leak” of data from the MERNİS Project (Mernis is the Central Registration Administration System of Turkey). It could be possible that this might be a cleaned and optimised version of that leak.

sources:

  1. https://twitter.com/erenturkay/status/716636061414326272
  2. https://twitter.com/erenturkay/status/699292607017566208
  3. http://www.databreaches.net/turkish-citizenship-database-leak/
  4. http://www.hurriyet.com.tr/tum-bilgileriniz-su-anda-satiliyor-olabilir-15430731?noMobile=true

Next up