Turkey and Philippines, recently had a major data breach where information about public were published online. Both data breach are considered as the worst breach in the history of Turkey and Philippines.
Around 50 Million Turkish citizens data have been published online, the information was hosted on a server with the IP address 188.8.131.52. Publishers claim those data belongs to 49,611,709 Turkish citizens, with the complete 1.5GB archive (mernis.sql.tar.gz – 1.5GB compressed – 6.6GB uncompressed).
A message on a site hosting the allegedly leaked data reads: “Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?
“Do something about [Turkish President Recep Tayyip] Erdogan! He is destroying your country beyond recognition.”
Next, on 27 March 2016, Anonymous Philippines hacked the Philippines’ Commission on Elections (COMELEC) website, they defaced it, but a second hacker collective, LulzSec Pilipinas has published online the entire database of the COMELEC.
Anonymous Philippines warned COMELEC to improve the security of the vote-counting machines.
In a first time, COMELEC officials downplayed the data breach declaring that no sensitive information was compromised.
“I want to emphasise that the database in our website is accessible to the public,” declared the Comelec spokesperson James Jimene.“There is no sensitive information there. We will be using a different website for the election, especially for results reporting and that one we are protecting very well,” he added.
The archive is full of sensitive data, including personal and passport information and fingerprint data, and unfortunately, not all the records were encrypted.
LulzSec Pilipinas released 16 databases from the Comelec website for a total number of 355 tables.
“Every registered voter in the Philippines is now susceptible to fraud and other risks after a massive data breach leaked the entire database of the Philippines’ Commission on Elections (COMELEC). ” reported Trend Micro who is investigating the case.
“Based on our investigation, the data dumps include 1.3 million records of overseas Filipino voters, which included passport numbers and expiry dates. What is alarming is that this crucial data is just in plain text and accessible for everyone. Interestingly, we also found a whopping 15.8 million record of fingerprints and list of peoples running for office since the 2010 elections.”
This is the biggest government-related data breach,it exposed more than double of the number of records exposed in the US government’s Office of Personnel Management (OPM) hack that resulted in 21.5 million people being exposed to an unknown party.
More than 55 million voters are exposed to the risk of cyber attack. Cyber criminals and state-sponsored hackers can use the information to carry on a wide range of malicious activities, including scams, espionage campaigns and extortion. In previous cases of
“In previous cases of data breach, stolen data has been used to access bank accounts, gather further information about specific persons, used as leverage for spear phishing emails or BEC schemes, blackmail or extortion, and much more.” concluded TrendMicro.