It is hard to image that over half of a country’s population could fall victim to a data breach, but the reality is, no one is exempt from cyberattacks.
The country of Turkey was hit with a massive data breach in early April 2016, exposing 50 million of its citizens. With 80 million people living in Turkey, the leak impacts more than half the country’s population. The leaked data included the names, addresses, birth dates, and national identification numbers of the victims. The cybercriminal has not yet been identified, but it appears the hacker was motivated by political issues and used the data breach as a way to declare his dissatisfaction with certain political figures.
A hacktivist, (the combination of a “hacker” and an “activist”) is motivated by a political, religious or social issue and attempts to publicize a specific act or cause through cyber activities.
The hackivist behind the Turkey breach posted a statement on the site hosting the leaked data stating, “Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?” The hacker followed with, “Do something about Erdogan (the President of Turkey)! He is destroying your country beyond recognition.”
The cybercriminal also used the site as an outlet to promote his disdain for U.S. Presidential Candidate, Donald Trump, “Lessons for the U.S.? We really shouldn’t elect Trump. That guy sounds like he knows even less about running a country than Erdogan does.”
While the hacker did not expose payment card numbers, email addresses or passwords, the sensitive data that was publicized (birth dates and national identity numbers), can easily lead to identity or financial fraud and theft.
With the majority of Turkey’s population involved in the data breach, this poses a serious security threat to the country. Turkish Justice Minister, Bekir Bozdag, announced that a legal investigation has been launched. “I do not know from where and how this was leaked, but the size of the data is close to the number of the electorates in Turkey. We should look into how this breach happened,” he said.
One of the best ways to prepare for a data breach is to expect that it will happen and plan accordingly. Whether you are storing a nation’s worth of data or keeping a small amount of information on file, identifying weaknesses in your database is key.
Protecting your data can be as simple as protecting your website. For example, does your website have a login page that asks users to sign in with their username and password? If you don’t have proper protection in place, a cybercriminal can easily and quickly find ways to log into an individual’s account undetected . One way a hacker does this is by exploiting a vulnerability, called Cross-site scripting (XSS). With XSS, the attacker will inject script or code on a login page, allowing them to impersonate the visitor attempting to login. Once they have accessed the user’s account, they steal the information stored in that account.
There are a myriad of ways hackers can access your data, XSS just being one. A daily website scanner can identify XSS vulnerabilities, making you aware of the problem before any major damage is done.
Don’t assume your data is safe; assume it isn’t. Next time you’re assessing the security of your data, think about the data breach in Turkey.
There are various types of cybercriminals out there. In our blog about cybercriminals, we describe the different types of hackers and what motivates them.