Information Technologies Sun. ve Tic. In summary, in the data breach notification submitted to the Board by the AŞ (Sahibinden);

Data breach occurred as a result of cyber-attack of the data controller,

In the research conducted, it was determined that the personal data affected by the violation were shared on the internet on 27.03.2023, but the start date of the violation has not been determined yet;

• It is understood from the owner that the store data (data other than the e-mail address data) is obtained by copying the web service contents necessary for the operation of the interfaces of the owner's website and mobile application,
• It is understood that the e-mail address data of corporate users is obtained from the result output of the password reset service by sending password reset messages to the users by malicious third parties,
• Personal data affected by the breach, including store information from the Owner and the e-mail address of corporate users in general; user ID, username, surname, store name, phone number, e-mail address, account registration date, location, user type, store number, package category, package status, package period, store product type, registration period, opening date, store commitment start date information,
• Corporate users of the data controller are affected by the breach, and within this scope, data belonging to private companies are also affected,
• Estimated number of related persons affected by the violation is 71,422,
• Relevant persons affected by the violation can obtain information about the violation via the e-mail address “[email protected]” or the call center phone number (0850 222 44 45).

information is included.

Although the investigation on the subject continues, with the Decision of the Personal Data Protection Board dated 30.03.2023 and numbered 2023/504, it has been decided to announce the aforementioned data breach notification on the Institution's website.

Source of New: KVKK Public Announcement (Notification of Data Breach)