A recent analysis conducted by cybersecurity researchers at SafetyDetectives has revealed a significant data breach that has compromised the personal information of more than 2 million Turkish citizens. The breach specifically involves the leakage of vaccination data spanning from 2015 to 2023.
The leaked database was discovered on a forum known for hosting various cyber threats. Interestingly, this forum was also the source of the recent leak of a scraped LinkedIn database, affecting 35 million users. In addition, it was previously responsible for the release of two scraped databases from chess.com.
Although the leak itself occurred in September 2023, the researchers believe that the breach actually took place in April of the same year. Upon close examination, they determined that the data was likely obtained through the exploitation of an information disclosure vulnerability.
The leaked data contains a plethora of personal information, including birth dates, full TCKNs (Turkish Identification Numbers), vaccination dates, types of vaccines received, additional vaccination and supply chain details, hospitals where vaccinations were administered, and dose numbers of specific vaccines across the country.
The cybersecurity team at SafetyDetectives explained that while patients’ TCKNs were partially redacted, the TCKNs of doctors were fully displayed, indicating that the data may have been scraped from an online platform or service used by Turkish healthcare providers or the Ministry of Health. It is worth noting that a staggering 125,000 TCKNs belonging to doctors were present in the leaked data, which could potentially compromise the personally identifiable information (PII) of approximately 70% of the country’s physicians.
What makes this data breach particularly troubling is the existence of another database on the same forum, containing the personal information of over 49 million Turkish citizens, including their physical addresses. While this database was initially leaked in 2016, it has since resurfaced and been circulated on various hacker forums, particularly on Telegram. Threat actors can exploit both databases for nefarious purposes, such as identity theft, and even physical tracking and threats.
Unfortunately, Turkey is not the only country that has experienced the leakage of vaccination records. India faced a similar situation when the COVID antigen test results of 1.7 million Indians and foreign nationals were exposed online. This database was only secured once the incident was reported to the Indian CERT by Hackread.com in September 2022.
Q: How many Turkish citizens were affected by the data breach?
A: The personal details of over 2 million Turkish citizens were compromised in the data breach.
Q: What type of information was leaked from the vaccination records?
A: The leaked data includes birth dates, full TCKNs (Turkish Identification Numbers), vaccination dates, types of vaccines received, additional vaccination and supply chain details, hospitals where vaccinations were administered, and dose numbers of specific vaccines across the country.
Q: How did the threat actors obtain the data?
A: The data was likely obtained by exploiting an information disclosure vulnerability.
Q: What is the potential impact of this data breach?
A: The leaked data can be used for various malicious purposes, including identity theft and physical tracking of individuals.
Q: Are there similar instances of vaccine record leaks in other countries?
A: Yes, India also experienced a similar situation when the COVID antigen test results of 1.7 million individuals were leaked online.