[marinabercea]

This is the product of self-righteous activism. You'd have to be pretty deluded and starving for attention to think effectively releasing tens of millions of private individuals' complete identification data is justifiable in some way.

[MatekCopatek]

Couldn't you say this about every personal data leak ever? I'd say the problem is companies won't take you seriously if you simply say "you have a security hole here". They'll probably report you, maybe fix an immediate bug that covers the exact issue you found and move on.

If they, on the other hand, get thousands of customers complaining and leaving, they'll take security much more seriously in the future. There's also a good chance that affected users will be more careful and proactive about their personal data in the future.

[leblancfg]

...but this is a country.

In the immediate, the only thing that can happen, if at all, is for some people to lose their jobs.

I think he is hoping that if the leak is well covered enough by the media, it will be adding oil to the fire of public discontent. Perhaps in a way that would dislodge the current government.

Way I see it though, that's quite a long shot :)

[trhway]

in the end of 199x in Russia a lot of big government databases - incl. individuals' passports, companies' registrations, real estate property data, etc.. got leaked and become widely available. It was very convenient - you could immediately verify all the stuff about people and companies you were dealing with, and such ability is extremely important in the environment when fraud is a normal everyday matter.

[nsajko]

It could positively influence bad auth practices.

[halukakin]

Hardly so for Turkey. Important positions in Turkish bureaucracy are being filled by people who have close ties to the ruling party. I guess this is somewhat normal in many countries given that you have some appropriate filters, unfortunately such filters are diminishing every year. Just last week the prime minister announced they would hire 750k long term government employees bypassing the regular procedures and by creating adhoc exams for each position. Regularly Turkey has this nationwide exam called KPSS which you would have to pass to be a government employee, bypassing this exam will even further reduce the government quality. I don't see how people without the necessary qualifications can improve these systems.

[nsajko]

It is bad that decision makers can't on their own see that change is needed, but leaks like this could change public opinion, which is what influences politicians and businesses.

[afsina]

This reminded me 2010 KPSS scandal of Gulenists.I guess they want to go other way around..

[gkya]

And losses of millions of turkish liras for a while is a feasible trade-off for that?

Whoeves did this is an utter idiot, a profoundly inconsiderate hacktivist, whatever that shall be.

[NetStrikeForce]

I see your point and I might agree with you (didn't make up my mind yet), but how is this different than disclosing someone else's vulnerability with a "hardcoded" date? In some cases, getting from disclosure to a working exploit is trivial.

If this data was so easy to get, any state actor probably had it for years now. Also powerful criminal organisations.

Wasn't the harm potentially done already and this might trigger a change? Maybe now all those banks will not accept whatever data is in this leak as a way to authenticate a customer. In that scenario we would be in a better situation because of the leak.