A threat actor has allegedly put the database and system access for the Antalya Veterinary Doctors Association up for sale on a cybercrime forum. The victim, the official professional organization for veterinarians in the major Turkish province of Antalya, is a crucial body that regulates and represents hundreds of animal health professionals in the region. The data breach appears to be severe, with the seller claiming to offer full administrative control over the association’s digital assets.
According to the forum post, the threat actor is selling a package that includes administrator panel access, a web shell for executing commands on the server, and full access to the organization’s MySQL database. The sale highlights a significant compromise of the association’s infrastructure. The post claims the database contains highly sensitive and personal information belonging to the member veterinarians.
The leaked data allegedly includes a wide range of personally identifiable information (PII). The exposure of such data could place the victims at high risk for identity theft, fraud, and targeted phishing attacks. The data fields listed for sale are:
- Full name
- Mother/Father names
- Height, weight, shoe size
- Relative contact numbers
- Veterinarian’s phone numbers
- Full physical address
- Email(s)
- Blood type
- Turkish ID number
- Passwords (hashed, some weak)
- Date of birth
- Profile photo (JPEG links)
