
Turkish Citizenship Database Leaked - ponyous
http://www.ibtimes.co.uk/turkey-political-hacktivist-leaks-citizen-database-containing-50-million-personal-records-1553123
======
ttn
TR citizen here, for the last 10 years only those who are really close to AKP
got the government contracts including software like this etc. for stupid
amounts of money with no know-how. Therefore this is absolutely normal -at
least for us-, only thing that surprised me about this leak is this got into
front page of HN.

Those software "companies" take millions of liras, usually for stupid CRUD
stuff, develop it in like years and result is goddamn vulnerable, unaesthetic
pieces of garbage.

I'm on that list as well. With that info, a terrorist can buy a SIM card for
my name, use it to proxy-blow up a goddamn bomb aaaaand I'm in jail.

~~~
istoica
Not only there, in other countries in Europe too, in Romania they are
prosecuting the boss of the biggest software company we have, he has to sell
his paintings and artwork for not being arrested(bail).

The usual opinion is that they all got rich with state contracts building
stupid and expensive things that young kids would do in no time for nothing.

As a government agency, of course one would not prefer to hire kids, but these
countries, they have good IT persons, they have universities that are
struggling with funds and finance(as education is for free there and state
universities are way beyond the private factories of diplomas that are known
as private universities).

Instead of throwing that money, they could have helped education and develop
infrastructure in the same time. Nobody has bloody consciousness any more!

~~~
mikeehun
that sounds like hungary to me

~~~
0xdada
Do you have any anecdotes you can share? I'd be interested.

~~~
mikeehun
Our government bought two $1M+ websites in the past years. It's not that the
websites would pose as a security risk, or store any valuable information,
it's just plain corruption ...

500k only for the planing and teaching how to use $1,2M total, for a site what
is essentially a video sharing website:
[https://hu.wikipedia.org/wiki/Korm%C3%A1nysz%C3%B3viv%C5%91....](https://hu.wikipedia.org/wiki/Korm%C3%A1nysz%C3%B3viv%C5%91.hu)

$1,7M for the new site of the chamber of agriculture
[http://index.hu/gazdasag/2016/02/03/agrarkamara/](http://index.hu/gazdasag/2016/02/03/agrarkamara/)

fun fact in general, the corruption consumes 50% of the eu funded government
investment in Hungary according to Transparency International, which means
11.6 billion euro currently

------
staticelf
Interesting, in Sweden this kind of data is already public for anyone to view.

There is also several sites that provide this information like a search
service and it's perfectly legal:

[http://www.merinfo.se/](http://www.merinfo.se/)
[http://www.ratsit.se/](http://www.ratsit.se/)

~~~
more_original
Interesting. In Germany this database does not even exist. Each town keeps its
own data and they are not connected. I think the reason for this are the evil
uses of data bases by the Gestapo during Nazi times.

~~~
kafkaesq
_In Germany this database does not even exist._

That seems highly doubtful. How do the EU countries know you're a citizen,
then, when you cross the border?

~~~
more_original
Here is a source on Wikipedia:
[https://en.wikipedia.org/wiki/Resident_registration#Germany](https://en.wikipedia.org/wiki/Resident_registration#Germany)

"Unlike common belief there is no central administration — except for
foreigners (see Central Register of Foreign Nationals (Germany)) — the
resident registration is run by 5283 local offices throughout Germany."

For passports, I'd guess that there is a different database.

~~~
kafkaesq
_For passports, I 'd guess that there is a different database._

OK, so that makes sense. So at the national level, they only have your
_Meldeort_ (place of registration), as it appears on your ID card -- but not
(in theory) your residential address.

------
ponyous
In case it goes offline:

    
    
        #Turkish Citizenship Database
    
        Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?
        
        This leak contains the following information for 49,611,709 Turkish citizens: (IN CLEARTEXT)
    
        - National Identifier (TC Kimlik No)
        - First Name
        - Last Name
        - Mother's First Name
        - Father's First Name
        - Gender
        - City of Birth
        - Date of Birth
        - ID Registration City and District
        - Full Address
    
        **Lesson to learn for Turkey:**
    
        - Bit shifting isn't encryption.
        - Index your database. We had to fix your sloppy DB work.
        - Putting a hardcoded password on the UI hardly does anything for security.
        - Do something about Erdogan! He is destroying your country beyond recognition.
    
        **Lessons for the US?** We really shouldn't elect Trump, that guy sounds like he knows even less about running a country than Erdogan does.
        
        [Example Data]
        
        [Download URL]

~~~
zo1
What an odd place to put an anti-Trump comment.

~~~
ponyous
I really don't care about US politics. I came across the link on Reddit and
found it interesting. Make out of it what you want.

~~~
everythingcli
What sub did u find it in?

~~~
ponyous
Link to Reddit thread:
[https://www.reddit.com/r/security/comments/4d9f22/turkish_ci...](https://www.reddit.com/r/security/comments/4d9f22/turkish_citizenship_database_dumped/)

~~~
everythingcli
thx

------
mathetic
This data is being circulated for a while now.

This makes me so angry. It is good that you show the infrastructure is bad,
but how stupid does one have to be to say "do something about Erdogan" to the
people who are facing identity theft directly due to one's actions?

Many companies use date of birth and address for authentication. The only
thing that is missing is mother's maiden name, which then would be enough to
access confidential information at most banks (though they wouldn't be able to
transfer money without authorisation code).

~~~
eveningcoffee
_Many companies use date of birth and address for authentication. The only
thing that is missing is mother 's maiden name, which then would be enough to
access confidential information at most banks (though they wouldn't be able to
transfer money without authorisation code)._

Maybe they should learn a lesson from here - information that you do not
control should not be used for authentication. Especially the one that is in
its essence public.

~~~
MatekCopatek
Exactly! This is about as secure as having your first dog's name as a password
reset hint. I either already know or can simply ask about the birthday,
address and mother's maiden name of practically anyone I know.

~~~
sbarre
I've always hated the mother's maiden name security question because _my
mother kept her maiden name_ so it's not exactly a hard thing to figure out in
my case.

I think that one will go away sooner than later though, because taking a
husband's name is becoming less common in a lot of societies.

~~~
fvargas
Pro tip: You shouldn't be answering those questions truthfully.

~~~
vinchuco
But you have to remember the answers correctly. How do you keep track ?

~~~
fvargas
The lazy way (which is still arguably better than answering truthfully) is to
use the same answer for all the security questions. The better way is to treat
each answer as another password and encrypt and store the answers somewhere
safe.

~~~
thirdsun
Realistically how many people outside (or even inside) HN are going to do
that? No matter how you spin it, security questions are a very bad "security
pattern" in my opinion and we should get rid of them.

~~~
karlshea
I do that, the security questions and answers just get added to the site's
entry in 1Password.

------
throwawayturk
The leak reported to be from YSG [1], organization that manages the election
registers.

Software used by them developed by Cybersoft [2]. Cybersoft was part of the
system who developed the new identity system in Turkey. The practices used by
Cybersoft reported to be horrible. I know someone who worked on that project
(about 15 years ago), reportedly they were really bad, playing games on
servers where the all identity data of the citizens are stored. I do also know
that any employee who was part of the project had access to the query systems,
so it was possible to query the database for all citizens of Turkey, not sure
how much data it revealed but it revealed the number of people with that name
and surname ever born for sure.

Now, I'm not a fan of Erdogan but Cybersoft was developing stuff __before
Erdogan even got elected __. So yes, maybe the government who started to work
with Cybersoft was corrupt, maybe the current one is too but let 's not just
use every single baseless argument to attack Erdogan, it doesn't help
anything.

[1]
[http://www.ysk.gov.tr/ysk/faces/Anasayfa.jspx](http://www.ysk.gov.tr/ysk/faces/Anasayfa.jspx)

[2] [http://www.cs.com.tr/TR/](http://www.cs.com.tr/TR/)

~~~
ratbertovich
I've been working for Cybersoft for the last 20 years, and I know we have not
developed that system, whatever system is in question. We never had contracted
work for either the NVI - Nufus Vatandaslik Isleri (General Directorate of
Civil Registration and Nationality
[http://www.nvi.gov.tr/English,En_Html.html](http://www.nvi.gov.tr/English,En_Html.html)),
the owner of the data on Turkish citizens, or the YSK - Yuksek Secim Kurulu
(Directorate of Elections [http://www.ysk.gov.tr/](http://www.ysk.gov.tr/) \-
they lack content on the English page) the state organizer for elections, and
a client of NVI for voter information.

As far as I know, development of the NVI system for "Central Population
Management System (MERNİS), Identity Share System and Address Registration
System" was contracted to and is still maintained by Kale Yazilim
([http://www.kaleyazilim.com.tr/EN/Pages/Haberler.aspx](http://www.kaleyazilim.com.tr/EN/Pages/Haberler.aspx)).
Likewise the development of the YSK system was contracted to and still
maintained by HAVELSAN ([http://www.havelsan.com.tr/ENG/Main/urun/2321/the-
supreme-el...](http://www.havelsan.com.tr/ENG/Main/urun/2321/the-supreme-
election-council-election-information-system-secsis)). Both projects were
contracted when AKP was ruling, though I'm not sure why we are discussing this
aspect. If the software leaked information, it is the usual suspect: the
Turkish government awards contracts on price-point and the easy way to build
cheap software is to forgo testing and quality assurance. As Murphy's law
states: "Never forget that your weapon was made by the lowest bidder." You get
what you payed for.

As a reference system we developed, check out the General Directorate of
Revenues' automation for its 1000+ tax offices and the 2003 ComputerWorld
Honors winning Internet Tax Office.

Last, we have English content at
[http://www.cybersoft.com.tr/ENG/?q=node](http://www.cybersoft.com.tr/ENG/?q=node),
where you can check our references.

------
marinabercea
This is the product of self-righteous activism. You'd have to be pretty
deluded and starving for attention to think effectively releasing tens of
millions of private individuals' complete identification data is justifiable
in some way.

~~~
nsajko
It could positively influence bad auth practices.

~~~
halukakin
Hardly so for Turkey. Important positions in Turkish bureaucracy are being
filled by people who have close ties to the ruling party. I guess this is
somewhat normal in many countries given that you have some appropriate
filters, unfortunately such filters are diminishing every year. Just last week
the prime minister announced they would hire 750k long term government
employees bypassing the regular procedures and by creating adhoc exams for
each position. Regularly Turkey has this nationwide exam called KPSS which you
would have to pass to be a government employee, bypassing this exam will even
further reduce the government quality. I don't see how people without the
necessary qualifications can improve these systems.

~~~
nsajko
It is bad that decision makers can't on their own see that change is needed,
but leaks like this could change public opinion, which is what influences
politicians and businesses.

------
dmitriid
Quoting a Turkish friend:

\---start quote---

Luckily there’s no really valuable data, other than personnummer. But i am
sure with a little bit of digging it would be super easy, during Gezi police
had a pwd like 12345

The important thing with the data is national stats, which is super important
commercially. And that is for free now. More spam in the mailbox for everyone.

Obviously, for stalkers, sickos, or pedophiles this is an open source to
attack. That is another security concern, because there was no db as in Sweden
where you can access someone’s address this easy

\---end quote---

~~~
reitanqild
personnummer? Sounds very Scandinavian to me and quick googling doesn't yield
anything particularly Turkish about that word?

~~~
kolme
My guess is German (because of the historical links between Germany and
Turkey).

~~~
bluecmd
The word exists in Swedish exactly like that and also is a very common word.
Means "person number" or "person ID" basically.

------
dang
Some readers have complained about this data being posted here. That's
reasonable, but so is the community discussion. So we changed the URL from
[http://185.100.87.84/](http://185.100.87.84/) to the least bad news article
we could google. If someone has a better URL, we can change it again.

~~~
krapp
Why bother removing the URL only to post it again in a comment?

~~~
dang
Taking it out of the story link was the important thing. At that point HN was
no longer broadcasting it.

Not to include it the comment, especially since we always include the previous
url in a comment, would have invited accusations of suppression, which would
only call more attention to it.

------
peter303
Only a matter of time before the whole US SS/IRS database is dumped into the
public domain by political hackers too. Pieces of it have been liberated by
sloppy corporations and medical databases. But not the whole thing from the
government.

------
accommodavid
Checked my girlfriends family. Some of them are army officials and their info
is in there as well. With that info you could actually do some serious damage.

Also, based on address info we know this dump is 2-6 years old.

------
koolba
_Note: I wrote this up as a reply but the parent was deleted in the interim so
posting at the top level instead._

> Which server is this? A Whois lookup returned nothing.

The whois command works on domain names, not IP addresses.

To get the DNS name associated with an IP address you can try a reverse
lookup:

    
    
        $ dig -x 185.100.87.84
    

Unfortunately that only works if the the reverse record has been set up and it
hasn't in this case.

You can still see where the server is located via tracepath:

    
    
       $ tracepath 185.100.87.84
        [truncated]
        12:  lon-tel-01c.voxility.net                             86.537ms asymm 16 
        13:  buc-ird-01c.voxility.net                            147.516ms asymm 17 
        14:  buc-ird-27sw.voxility.net                           136.914ms asymm 18 
        15:  buc-ird-46sw.voxility.com                           149.699ms asymm 18 
        16:  185.100.87.84                                       143.626ms reached
    

So most likely the server is hosted on voxility.com which looks like an IaaS
provider.

~~~
eimann
What do you mean by "whois does not work on IP addresses",

$ whois 185.100.87.84

Abuse contact info: abuse@flokinet.is

inetnum: 185.100.87.0 - 185.100.87.255 netname: FlokiNET-Romania descr:
FlokiNET ehf country: RO admin-c: KW2732-RIPE tech-c: KW2732-RIPE status:
ASSIGNED PA mnt-by: FlokiNET created: 2015-12-15T13:52:42Z last-modified:
2016-02-05T18:53:56Z source: RIPE

person: FlokiNET ehf address: P.O. Box No 4 address: 121 address: Reykjavík
address: ICELAND phone: +3544150300 nic-hdl: KW2732-RIPE mnt-by: is-
flokinet-1-mnt created: 2015-05-13T15:26:09Z last-modified:
2016-02-01T06:46:24Z source: RIPE

route: 185.100.87.0/24 descr: FlokiNET ehf origin: AS200651 mnt-by: FlokiNET
created: 2016-02-05T18:52:09Z last-modified: 2016-02-05T18:52:09Z source: RIPE

~~~
koolba
Wow I didn't know you put IPs directly in there. If so, it returns back the
ownership info of the IP from ARIN. Not quite the same as getting the contact
info for a domain name but still quite nifty. Thanks!

------
devy
Does the publisher of this leak really think the other politicians are better
off in keeping private citizens' information private? S/he must have not heard
the Clinton's own email server leak issue. Yeah, yeah, it's a cliché, but it
shows exactly how much they care about security.

~~~
eli
Clinton's email server didn't leak anything, so far as we know. The emails
you've read have been released by the State Department as public government
records.

~~~
devy
FBI hasn't officially concluded the investigation. We'll see.

------
diminish
A criminal thief putting personal data online and giving political lessons,
shame on you really.

When your true goals are phishing, criminal activities, spamming to robe
innocent people, at least be honest and do not make such grandiose statements.
/rant

------
whalesalad
So the folks who did this complained about a bad DB (needing indexes) but then
failed to convert the DOB's to date types.

~~~
yAnonymous
Maybe it's really stored as text?

~~~
whalesalad
Yeah but a simple query can add a column, copy the data while parsing it into
a native date and then drop the original column. It can all be in a
transaction too so that if there is a failure nothing is lost.

I was mainly referring to the high and mighty attitude about fixing their
broken db. If you're gonna fix it, it's all or nothing in my book.

~~~
yAnonymous
True. Although showing how unprofessionally the data is kept makes a good
point, too.

------
return0
Interesting, but to be fair a typical facebook page has more information.

~~~
fabulist
If you choose to sign up for facebook with real information, sure.

You don't have much choice in the data your government loses about you.

~~~
AimHere
You don't have much choice when your friends or relatives post about you on
Facebook either, and there, lying to Facebook is out of your hands.

Privacy isn't transactional, it's environmental.

~~~
macintux
I do not know, but strongly suspect, that my absence from Facebook means I'm
rarely mentioned there. Certainly I'm mentioned less than if I had an account.

Even if I am mentioned there, Zuckerberg & friends don't have any account to
cross-reference to target me with ads, etc.

So, my absence from Facebook is nonetheless a significant enhancement of my
privacy.

~~~
fabulist
It is worth noting that Facebook maintains "ghost" profiles for people who
aren't members, but of whom they are aware. I'm having trouble finding a
reference, but I remember it came out that when your friends ("friends") give
Facebook their email contacts so that they can locate other people using their
service, Facebook remembers contacts which do not yet hold accounts. I
speculate this information wouldn't be valuable if they didn't attempt to
infer that particular posts mentioned these non-member profiles.

------
rmc
You shouldn't share this around. This is going to mess up a lot of innocent
people's lives.

~~~
mavdi
It's too late for that. Criminals have access to it already. I would argue we
should indeed share it around so that at least average Turkish citizens are
aware their data has been stolen.

~~~
amiraliakbari
Really right! Even there should be a wiki containing all data leaks, at least
the description if not the data.

~~~
sxv
And we shall call it.. WikiLeaks. Oh wait.

------
aorth
It's interesting that the data doesn't have values with the Turkish dotted or
dotless I, ie the one in İstanbul, İbrahim, or Diyarbakır. Seems pretty
important to store people's names correctly.

[https://en.wikipedia.org/wiki/Dotted_and_dotless_I](https://en.wikipedia.org/wiki/Dotted_and_dotless_I)

~~~
kafkaesq
Then again -- if they can't figure out how to index their databases... then
most likely they probably can't out how to do locales and character sets
properly, either.

~~~
aorth
Ah! And this ironically relevant 2008 post from Coding Horror about testing
your code in the Turkish locale.

[https://blog.codinghorror.com/whats-wrong-with-
turkey/](https://blog.codinghorror.com/whats-wrong-with-turkey/)

------
amingilani
Why host the dump on an IP instead of a domain?

I mean, I suppose skipping a domain means one less company that knows your
personal information, but doesn't this mean Voxility[1] can lookup the
customer for this IP?

[1] koolba's comment:
[https://news.ycombinator.com/item?id=11420959](https://news.ycombinator.com/item?id=11420959)

~~~
Matt3o12_
A domain adds another point of failure (we want to take you down, we can just
block the domain vs the server). As other have pointed out the abuse report
for that hosted is quite terrible, so it might take a while to get taken down.

Also, a domain name costs money, and you get little use of it (just paid $20
for a domain that gets taken offline in a few days). And even if there was a
domain name, what should it be? Turkish-citizenship-dump.com? What values does
it add if the site only sticks around for a few days?

~~~
darkhorn
Well, they have blocked the IP within few hours.

------
bediger4000
Isn't the real lesson here twofold?

1\. Governments can't keep this kind of data secure.

2\. Massive troves of information that identify individuals are a very
tempting target.

This sort of breach argues against big centralized (e.g. NSA's "sniff it all")
data stores. They're just too easy to get into the wrong hands.

------
eatsfoobars
A user named testing123123 wrote about the dump on ##crypto, on Freenode. He
claimed to be the one who dumped the database. It happened yesterday, on
Sunday.

Log: [http://pastebin.com/EgKhCj6z](http://pastebin.com/EgKhCj6z) (Time is
EEST, UTC +3)

------
id122015
Where others see a weakness, I see an opportunity: that's how we could send
traffic-tickets straight to policemen's door. Enjoy watching "Rémi GAILLARD vs
POLICE"
[http://www.youtube.com/watch?v=bJMLS4RDAzk](http://www.youtube.com/watch?v=bJMLS4RDAzk)

------
georgiev
How illegal is it to download this database?

~~~
Biganon
About 4

------
amelius
Does it contain the addresses of citizens with a double nationality who now
live abroad?

~~~
darkhorn
If you were a voter in 2010, as far as I know. But I don't know if it contains
foreign home addresses. Some people say that it was fetched from ysk.gov.tr .
Normally MERNİS has more detailed database, so they say that it cannot be
MERNİS. MERNİS stands for Central Citizenship Administration Center, it
contains even pre-Turkish Republic "citizens", like from Ottoman Empire. YSK
stands for Supreme Electoral Council. A friend of mine had access to MERNİS,
he once said that the leaked data is not directly from MERNİS.

------
darren0
If a structural engineer builds a bridge that collapses and kills someone,
they are liable in one way or another. What if the same was applied to
software engineering. That would sure change how seriously you take PII.

~~~
tomschlick
New attack vectors come out every day. The one they used may have not even
been related to THE application that someone built for this. If you built
something 4 years ago for the gov't to use and they didn't keep the server
patched how is that your fault as a software engineer?

------
muratbiskin
Gulenist police provide data to them to take revenge from Erdoğan.I expect
more to come since Erdoğan is still alive.Gulen said Erdoğan will be poisened,
he must have a spy near Erdoğan.

------
IndianAstronaut
Somewhat interesting to think that this very personal information of tens of
millions of citizens is just 1.5 gigs in size.

Are the implications of the National identifier similar to an SSN in the US?

~~~
mathetic
Not to the same extent.

------
ommunist
Is this the Russian answer to Sukhoi plane incident?

------
karangoeluw
What are the ethics around analysing the data here in aggregate form (not
individual info).

------
hemre
I guess this data is leaked from inside. Like most others.

By the way, why the heck is this in ASCII?

~~~
darkhorn
In order to bit shift it?

------
jug
How do the citizens of Turkey deserve this?

------
doomwelcome
ну ахуеть теперь...

Guys, tell me, please: If I add this base and create UI for find people to
search by Name, birth date, etc. Is it legally?

------
leo1187
I think that as well!!!

------
leo1187
that's what I think as well!!!!

------
3bbc
nb

------
PaulHoule
seeds!

------
supremeanger
It doesnt seem too reasonable to compare a businessman to someone who supports
terrorism and radical islam.

~~~
sspiff
I wouldn't put it past Trump to encourage radical christian violence, whether
that would be terrorism is in the eye of the beholder.

Erdohan certainly is using the situation to crack down on national opposition
and get as many separatists killed while the rest of the world is focusing on
the Syrian civil war and its exports of violence. That's simply realpolitik
though, not ideology.

That said, the tone and message accompanying this leak is ridiculous.

------
feylikurds
On the behalf of all Kurds worldwide, I would like to congratulate the
wonderful people who did this hack and released the information. You guys are
just like those who opposed Nazi Germany. We Kurds shall be forever grateful
to you.

To any Turk that may read this: Ne Mutlu Kürdüm Diyene (Happy is he who says I
am a Kurd :)

[https://www.youtube.com/watch?v=VX4y9qUG8is](https://www.youtube.com/watch?v=VX4y9qUG8is)

~~~
dang
This comment doesn't belong here. Please keep nationalist politics off Hacker
News.

------
e-sushi
Cryptographers: 1 -- Idiots: 0

~~~
fabulist
The winners here are fraudsters and the losers are the Turkish people.
Cryptographers never enter into the equation.

~~~
e-sushi
I definitely agree. If only a single cryptographer would have been part of the
equation, no one would have had a reason to write “Bit shifting isn't
encryption” . Looking at my comment again again, I guess it was simply too
short to be understood as a cinical “read it with a smile” kind of thing. Just
to be sure no one gets me wrong: I surely did not want to hype any of the bad
guys, nor make fun of the victims… the innocent Turkish citizens involved.
Yet, I can’t help to shake my head that a Turkish governmental agency was
stupid enough to use a near to “xor-by-one” snakeoil crypto thingy instead of
well-vetted and security proven cryptographic algorithms and protocols. If
they would have, there wouldn’t be a problem – just a blob of encrypted data.
Which is why I said: “cryptographers 1 – Idiots 0”… which was merely meant to
be interpreted as “roll your own crypto, eat your own poison – no
cryptographer would have stepped into the stupid pitfall of using home-brew
toys instead of well-vetted algos & protocols”. Hope that somewhat is able to
explain what I meant with my comment. If my cynical comment was misunderstood
due to its minimalism – my bad. Downvotes correctly punished me accordingly
for my comment being too short to be understood upon first glimpse – next
time, I’ll be sure to be clearer.

------
venomsnake
I am imagining what PKK could do with that info.

~~~
mathetic
Not much. Not their style of warfare really.

------
Grue3
Is this HackerNews or DoxingNews? How is doxing the whole country an
acceptable submission?

~~~
StreamBright
You think that if it is not getting posted on HN than nobody will notice it?
What would you qualify HN worthy submission? I did not read the URL just read
the comments but it was quite entertaining, HN is not responsible about the
content of the submission URLs but it is a great place to discuss the subject
with other people.

~~~
Grue3
>What would you qualify HN worthy submission?

Something that doesn't dox random people, for starters.

~~~
s_dev
The problem was the creation of the list and the subsequent negligent
protection of the data not it being passed to HN after it's been published to
the internet.

It's like the Ashely Madison leak - Hacker News discussed it happily as well
even though that was a complete dox list of individuals.

~~~
diminish
No it is not similar to Ashhley Madison nor panama offshore accounts.

It is similar to me dumping all HN users' personal IDs and addresses as well
as birth certificates. Or similar to dumping all Irish citizen's driving
licenses, addresses and ID info and linking them here on top.

I have seen HN crowd being careful for a single person's privacy just to keep
his mood up.

~~~
StreamBright
HN did not do that though. Again, we are talking about the dump not executing
it. Just because you are not talking about something bad it still exists. I
got the Turkish page at least on 3 different channels, yet got the most
meaningful comments on HN.

------
RussianPazanful
Thank you so much. Downloaded for 15 minutes. File-torrent. Archive 1.5 GB.
There is evidence of Erdogan and Ahmet Dobutoglu.

