Half of Turkey Now at the Mercy of ID Thieves

Government (Foreign) // Turkey

An unidentified hacker uploaded to the Web a 1.4 gigabyte compressed file containing the personal identifier numbers and other sensitive data on tens of millions of the country's citizens. 

The leak also included a taunt that referenced sloppy data protections and a hardcoded password, which allowed the entire unencrypted database to be pulled from the Turkish government’s servers.

The hacker or hackers behind the breach seem to be American, based on another comment accompanying the leaked data that mentioned presidential candidate Donald Trump: “Lessons for the US? We really shouldn’t elect Trump,” the message reads. “That guy sounds like he knows even less about running a country than Erdogan does.”

Turkey’s government has downplayed the leak, saying that the data had actually been first aired in 2010—though critics counter that the data wasn’t actually posted online and in a decrypted form until now.

Skeptics of the government's story also say, at the time, a crime ring was selling an even larger version of the database privately, but not dumping it on the Internet. A hacker who goes by the name TheCthulhu took credit for posting an encrypted version of the data in March. 

It's unclear how or if that same hacker was involved in the latest leak of the fully decrypted database. 

The dumped data seems to be from 2008, "but its sheer scale represents a potential privacy nightmare for Turkish citizens: With Turkey’s population numbering around 80 million, the leak covers more than half the country. And even data like addresses and birth dates can serve as a starting point for identity theft in the hands of hackers who manage to cross-reference the breach with other stolen data," Wired reports. 

The authenticity of the published data -- names, addresses, parents’ first names, cities of birth, birth dates, and national identifier numbers used by the Turkish government -- was verified by the Associated Press