According to the data breach notification sent to KVKK by sahibinden.com, the data of an estimated 71 thousand 422 people were leaked as a result of the cyber attack. It was stated that the leaked information belonged to the store and corporate user profiles. No data leaks were detected involving individual user accounts.
How was sahibinden.com hacked?
In the statement made by sahibinden.com, it was also announced how the data was captured. It was stated that it was understood that the leaked store data was obtained by copying the web service contents necessary for the operation of the interfaces on the website and mobile application of the owner.
It was announced that the data of the leaked corporate users was obtained from the result output of the password reset service by sending password reset messages to the users by malicious third parties.
What data was captured?
The following information was leaked from users who have a store or corporate user profile on sahibinden.com:
- User ID
- Username surname
- Store name
- Phone number
- E-mail address
- Account registration date
- Location
- User type, store number
- Package category, package status, package period
- Store product type, registration period, opening date, store commitment start date