A data leak has emerged that closely concerns the users of Istanbul-based ‘hosting’ provider Webhosting. In a data leak caused by a software vulnerability, it was found that customer data was sent in bulk to an IP address abroad.
In the public announcement made by the Personal Data Protection Authority (KVKK), it was announced that the number of people affected by the data breach has not been determined yet, but according to the first determinations, more than 3 thousand credit card information was leaked.
ALLEGED SENT TO AN IP ADDRESS ABROAD
It is stated that the investigation on the subject continues and Webhosting Bilişim Teknolojileri A.Ş. The following information was included in the personal data breach notification sent by KVKK to KVKK:
On 09.07.2021, the records that were thought to contain the data of December 2020 were shared on a foreign site and a research was carried out by the data officer on the subject.
As a result of the controls, it was determined that there was a leak on 27.12.2020, the customer data was sent collectively to an IP address abroad on the relevant date in the log records, and the data leak occurred once.
CARD NUMBERS DETECTED
While the leak is estimated to have occurred due to a software flaw, detailed investigation is still ongoing.
The personal data categories affected by the breach were as follows: Identity, communication, customer transaction, finance and other (Customers’ details of services, e-mail contents containing some passwords related to services, identity for domain name registrations with .tr extension, company documents, signature circular, tax 3027 credit card information due to accidental leaving of log records between 15 November 2020 and 27 December 2020)
Due to the importance of credit card data, card numbers were determined at the first stage and reported to the payment institution.
The number of people affected by the breach affecting employees, users, and customers/prospects has not yet been determined. (Haberturk)