SafetyDetectives cybersecurity researchers have identified a data breach in which a threat actor has leaked the personal details of over 2 million Turkish citizens. The leak is related to vaccination data from 2015 to 2023.
It’s worth noting that the database has been leaked on the same forum where, just a couple of weeks ago, another threat actor leaked a scraped LinkedIn database with 35 million user data. The same forum saw the leak of two scraped databases from chess.com on November 10 and November 12, 2023.
According to the report shared by SafetyDetectives with Hackread.com ahead of publication on Monday, although the data was leaked on the forum on September 10, 2023; researchers believe that the leak took place on April 4, 2023.
The researchers are certain that the data was likely extracted by leveraging an information disclosure vulnerability. Their analysis has revealed the data to be authentic and includes the following information:
- Birth dates
- Doctors’ full TCKNs
- Dates of vaccinations
- Vaccine types received by individuals
- Other vaccination and supply chain details
- Hospitals where vaccinations were performed
- Dose numbers of specific vaccinations across the country
- Patients’ partial Turkish Identification Numbers (TCKNs for short)
“Patients’ TCKNs were partially redacted, while doctors’ TCKNs were displayed in full indicating that the data could possibly have been scraped from an online platform or service used by Turkish healthcare providers or the Ministry of Health,“ SafetyDetectives Cybersecurity Team explained in a blog post.
“There were a total of 125,000 listed TCKNs for doctors. Considering Turkey had over 183,000 physicians in 2021, this suggests the breach might have exposed the personally identifiable information (PII) of around 70% of the doctors in the country,” the team added.
The data leak is concerning as there is another database on the same forum containing the personal data of over 49 million Turkish citizens including physical addresses. Although this database was originally leaked in 2016, it has been circulating and resurfacing on different hacker forums, especially on Telegram.
Threat actors can utilize both databases for various malicious purposes, including identity theft. The data can also be used to physically track and threaten people.
Turkey is not the only country to have its vaccine records leaked online. India also faced a similar situation when the COVID antigen test results of 1.7 million Indians and foreign nationals were leaked online. The database was only secured when Hackread.com reported the incident to Indian CERT in September 2022.