‘Change all your passwords’ warning after cyber attack

Informatics experts warn the users to change their passwords in all applications after the cyber attack suffered by the food ordering platform and, if possible, to set different and easily predictable passwords.

The largest food ordering platform operating in Turkey, the statement made the previous day, the company’s user database, the identity can not be determined by cyber hackers or attacked by pirates and recorded where a security breach had been announced had been captured by pirates of a portion of the user’s account information.

It was reported that the name-surname, date of birth, phone numbers, e-mail addresses, address information and masked login passwords that were not clearly seen were seized in the e-mails sent to the users from the company.

In the cyber attack, which was stated to affect 21.5 million people in total, it was announced that credit card information was completely securely stored and there was no security problem in this regard.

While users were uneasy after the explanations on the subject, IT experts warned consumers about what to do about the issue.

“Cyber ​​hackers will crack many passwords”

Information Technologies and Cyber ​​Security Association Chairman Yavuz Sultan Selim Yüksel stated that if companies working with personal data stole this information, they informed the Personal Data Protection Board (KVKK) as soon as they detected the problem, and said that it is mandatory to share all the details.

Yüksel emphasized that companies that steal information are fined, and if they do not disclose this information, the penalty increases every day, so companies should be transparent.

Noting that the damage that will occur after the capture of users’ information is limited to their imagination, Yüksel continued his words as follows:

“The company announced that passwords are encrypted with an encryption algorithm and are not stored explicitly. Let me first say here that the most used password of 2020 is * 123456 *. So most of us use such simple passwords in many places. Cyber ​​hackers can decrypt many passwords when they scan with various tools, wordlists. You say to the program, ‘Try the passwords in the wordlist for these information.’ It finds the matches and says ‘this password is this, this password is this.’ There are many users who prefer simple passwords. Passwords that are commonly used on many different platforms are at stake. “

The allegation that the stolen information is on sale

Yavuz Sultan Selim Yüksel stated that people can be threatened by e-mail with the passwords captured and said, “These people are sent e-mails stating that they have accessed forbidden sites or they did illegal things. In addition, we are following your computer. The information received can be sent. So to speak, the bait is thrown. Users who believe this can be defrauded. ” he spoke.

The stolen information voicing purchased by malicious people Yuksel, “this information, lists where the data will be on sale in underground sites. Last stolen information also even went on sale at the moment underground markets. For example, in Turkey march with an NGO shortly before The captured information was distributed free of charge on such sites. ” found in the description.

Yüksel said that such data theft had occurred in a hotel chain before, and the company was aware of the cyber attack 4 years after the cyber attack, and that a significant penalty was imposed due to this data leak.

“The passwords of the site in question and all other memberships must be changed”

Information Technologies and Cyber ​​Security Association Chairman Yüksel said that the latest hacked platform is very professional and encrypts passwords, saying that not every site may be so lucky.

Stating that some citizens can use common passwords in banking, social media, e-commerce sites and other memberships, there is a serious danger for them, Yüksel warned:

“The thief who obtains a password will try the same in other applications. Therefore, we must change our passwords in all applications urgently and determine different and easily unpredictable passwords. Passwords must be determined in a certain combination. Also, we must update our passwords from time to time. Action should be taken in this regard and be prepared for such initiatives. “

Yüksel underlined that they are in an era when information is valuable, stolen and can be turned into money, and that consumers should act with this awareness.

Reminding that KVKK made a statement that credit card information was not stolen, Yüksel emphasized that users who want to can remove the card information registered on the site.

Yüksel said that there is ISO 27001 information security standard in large corporate organizations, these standards bring companies to a certain level in information security, and that it is more difficult to access the information of companies that have this.

“Those who suffer can apply to the court”

The President of the Consumers Association (TÜDER), Levent Küçük, said that companies are obliged to protect the data of users within the scope of the Law on the Protection of Personal Data No.6698.

Küçük stated that in the Turkish Penal Code, there is a prison sentence of 1 to 3 years in case of entering the information system, blocking-disrupting the system, destroying-changing data, and misuse of bank and credit cards.

“In the event that consumers suffer material or moral damage due to the capture of this data, the damages must be compensated by the company. The damaged consumer can also apply to the court to compensate for this damage. In addition, consumers can learn about what information has been stolen by applying to the KVKK.”