On December 10, 2024, a significant cyberattack targeted Turkey’s widely used electronic toll collection system, HGS (Hizli Gecis Sistemi). The attack, which compromised the app’s messaging service, resulted in offensive and threatening messages being sent to users. Some of the messages contained profanities, while others demanded ransom payments in Bitcoin, amounting to $25,000, under the threat of data leaks. Although the attack caused alarm among Turkish residents, the National Post and Telegraph Directorate (PTT), responsible for the app’s operation, confirmed that no data breaches or unauthorized access to user information occurred during the incident.
The technical details behind the attack revealed that it was a breach of the API used by OneSignal, a third-party service for mobile push notifications. A cybersecurity expert in Turkey suggested that the hack involved manipulating an exposed API key, which allowed the attacker to send malicious notifications through the app. This breach was not isolated to HGS, as a similar attack was reported with the Anadolu Sigorta mobile app earlier in the week, further highlighting potential vulnerabilities in apps using the same third-party notification services.
In response to the attack, PTT acted swiftly to secure the HGS app, activating security measures to contain the breach and prevent further unauthorized access. They assured users that there had been no loss of sensitive data and that immediate action was taken to block any additional malicious messages. PTT also announced that legal proceedings were being initiated in collaboration with relevant authorities to address the cyberattack. This incident has raised concerns about the cybersecurity protocols in place for digital platforms that handle sensitive information, especially widely used systems like HGS.
The breach has brought attention to the need for stronger cybersecurity measures across Turkey’s digital infrastructure, particularly for critical public systems. While PTT’s prompt response helped mitigate the immediate impact, the attack demonstrates the vulnerabilities in digital services, especially those reliant on third-party systems. As investigations into the breach continue, it is clear that maintaining robust and continuously updated security practices is essential to protect public-facing platforms and prevent future cyberattacks.
Reference: