Cyber Incident Victim: TTNET
Date: Feb 2014
Location: Turkey
Summary
A hacktivist group breached multiple Turkish telecom companies, including TTNET, and leaked sensitive customer data from one provider, exposing names, birth dates, phone numbers, and voicemail delivery details of approximately 5,000 individuals. The attackers claimed access to half a million voicemail logs from a single city over two days, asserting that the breach demonstrated systemic vulnerabilities and criticizing the company's alleged surveillance practices. Additionally, the group leaked phone numbers of thousands of employees from another telecom firm and over 600 government officials, framing the actions as protests against corporate internet control policies and perceived injustices.
Description
In early February 2014, the hacktivist group RedHack claimed responsibility for breaching three major Turkish telecommunications providers—TTNET, Turkcell, and Vodafone—as part of a coordinated operation. On February 4, the group leaked personal details of approximately 5,000 Vodafone customers, including names, dates of birth, phone numbers, and voicemail delivery records, through the JustPaste.It platform. RedHack stated they had redacted phone numbers and deleted last names from the leaked data "to protect the public," framing the action as an exposé of Vodafone’s practice of logging voicemails in Turkey. The group questioned the necessity of such logging in public Twitter statements, accusing Vodafone of prioritizing internet control lobbying over security. RedHack later clarified to Softpedia that they possessed half a million voicemail log records, though these allegedly covered only Istanbul and a two-day period. Concurrently, the hackers leaked phone numbers of thousands of Turkcell employees, escalating pressure on the company after it altered phone numbers of government deputies and ministries previously exposed by RedHack—a retaliatory measure against Turkey’s controversial Internet bill.

The operation expanded with RedHack leaking details of over 600 Turkish government officials and agency workers shortly before the Vodafone disclosure. The group declared their intent to leak Turkcell data imminently, having already compromised its systems alongside TTNET and Vodafone. While specifics of TTNET’s breach were not detailed in the leak, all three telecom giants faced public scrutiny over security failures and data handling practices. RedHack emphasized their broader motive: to demonstrate that no system is impervious and to target entities "committing injustices," particularly those influencing internet regulation. The incidents triggered operational disruptions, including Turkcell’s reactive number changes, and reputational damage to the telecom firms through public criticism of their security postures and data retention policies. No formal containment measures or responses from TTNET or Vodafone were documented in the available reporting at the time of disclosure.
