[BreachExchange] Déjà vu Data Leaks

Thu Apr 7 09:53:51 EDT 2016

https://www.riskbasedsecurity.com/2016/04/deja-vu-data-leaks/

Recycled Turkish Citizenship Database Re-leaked, Again

On June 4th, 2016, there were new reports that the personal details of
nearly 50 Million Turkish citizens
<http://abcnews.go.com/Technology/wireStory/data-50-million-turks-allegedly-leaked-online-38142865>
had been compromised and posted online in a massive security breach. The
news appears to be triggered from a Tweet
<https://twitter.com/dchest/status/716934572949299200> that received quite
a bit of attention:

[image: Turkey 1 - Database Leaked]

A leaked database containing 49,611,709 records (about 6.6 GB of data), was
reported to have appeared on the website of an Icelandic group offering
download links to anyone interested.
<http://thehackernews.com/2016/04/personal-data-leaked.html?m=1> The leaked
database was reported to contains the following information:

   - First and last names
   - National identifier numbers (TC Kimlik No)
   - Gender
   - City of birth
   - Date of birth
   - Full address
   - ID registration city and district
   - User’s mother and Father’s first names

Well-known security researcher Jacob Applebaum tweeted
<https://twitter.com/ioerror/status/716943530892111874> shortly afterwards,
that if it is what it claims to be, he thought it was one of the largest
security/PII breaches since the large OPM breach.
<http://www.eweek.com/security/opm-says-far-more-fingerprint-data-stolen-than-first-reported.html>
 His tweet received quite a bit of attention as well.

[image: Turkey 2 - Applebaum]

With a record setting year in 2015
<https://www.riskbasedsecurity.com/2015-data-breach-quickview/>, and so
many data breaches occurring every day, it can be extremely difficult to
keep up with the ever changing data breach landscape, and what it means for
organizations. For those that pay attention to the daily ebb and flow of
breach activity, you were likely yelling at your screen at the beginning of
this blog shouting that this leak is clearly a duplicate. Or at the very
least, thinking to yourself this sounds very, very familiar.

This data, while legitimate, has been leaked before
<https://twitter.com/CthulhuSec/status/699247420803309569>! More
concerning, it was even leaked before that!
<https://www.reddit.com/r/worldnews/comments/4dc0wv/the_entire_turkish_citizenship_database_has/>

Oh… and one more time before that!
<http://www.hurriyet.com.tr/tum-bilgileriniz-su-anda-satiliyor-olabilir-15430731>

[image: Turkey 3 - Cthulhu]

Turkish press reports came to light as early as January, 2015 claiming that
governmental databases containing this very same information had been
compromised. According to The Daily Dot
<http://www.dailydot.com/politics/turkey-data-dump-cthulu-police/>, the
leaked database files are actually from 2009, and their public existence
has been known since 2010.

What’s more, the data is… well, dated, with the most recent information
coming in 2008. <https://twitter.com/erenturkay/status/716958238999191553>

[image: Turkey 4 - 2008]

If for some reason you are interested in seeing the Turkey re-leaked data,
a new site just was published that is a searchable database
<https://thanksgiving.who.ec/> of the “leaked” information. But remember,
it isn’t that uncommon to find voter information online as we have seen
with Indian voters previously.
<http://eci.nic.in/eci_main1/Linkto_erollpdf.aspx>

While there is no *real* new news here, this is just one example of the
numerous data leaks that are really re-leaks or all together just not
valid. But don’t worry! There will be plenty more leaks to report on
shortly and you of course have the Panama Papers to be reading
<https://panamapapers.icij.org/20160403-panama-papers-global-overview.html>
as well!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160407/c26c68c3/attachment.html>