A massive data breach targeting Turkish internet service provider TurkNet claimed to have compromised 2.8 million rows of sensitive user data.
The breach, announced via a now-deleted post on March 13, 2025, included threats of further leaks and referenced prior cybercriminal activities linked to the attacker.
The Breach and Its Implications
According to the post from DarkWebInformer, the compromised data includes user credentials, email addresses, and potentially financial information.
While TurkNet has not yet issued an official statement, cybersecurity analysts warn that such breaches often involve credential-stuffing attacks or brute-force methods, as seen in recent incidents like the breach where 14,000 accounts were initially compromised via reused passwords.
The threat actor’s message emphasized their intent to “send more data” and taunted rivals, suggesting the breach could escalate.
Dark Web Informer, a known cyber threat intelligence source, highlighted the severity of the claim, noting similarities to Iran’s 2024 insurance sector breach involving 160 million records.
If verified, the TurkNet breach would rank among Turkey’s largest cybersecurity incidents, potentially exposing customers to identity theft, phishing, and financial fraud.
Experts advise affected users to:
- Immediately reset passwords and enable two-factor authentication.
- Monitor financial accounts for suspicious activity.
- Use dark web monitoring tools to check for exposed data.
Hacker’s Defiant Message and Ongoing Threats
The threat actor’s post included a rambling, aggressive declaration: “knk we are not people to be messed with… I will not be defeated, I will win, understand this.”
The message referenced prior arrests, alleged collaborations with other hackers (“Juadis,” “Lero”), and claims of reputational dominance within underground forums.
The attacker boasted about leveraging breaches to gain social clout, stating they had “won 50 women with these actions.”
Cybersecurity researchers speculate the attacker’s history aligns with patterns observed in ransomware groups like OX Thief, which recently targeted educational institutions.
The post’s blend of bravado and technical jargon—common in dark web communities—underscores the challenges of attributing and mitigating such threats.
Industry Response and Next Steps
While TurkNet’s silence leaves customers in limbo, global cybersecurity firms urge proactive measures.
Google’s dark web monitoring tools, available in 45 countries, and services like ProtonMail’s breach alerts are recommended to detect exposed information.
Legal authorities in Türkiye are likely collaborating with international agencies, given the cross-border nature of dark web markets.
As of publication, no additional data leaks have been confirmed. However, the threat actor’s promise of “1 more month” of activity suggests further breaches could follow.
Users are advised to treat unsolicited communications as potential phishing attempts and verify account security settings immediately.
Also Read:
%20(1).webp?w=1200&resize=1200,0&ssl=1&description=Massive data breach targeting Turkish internet service provider TurkNet, claiming to have compromised 2.8 million rows of sensitive user data){kind=link}