A major data leak involving the Turkish app Quran Kuran has potentially exposed over 3.6 million sensitive records, putting millions of Muslims at risk of unauthorized surveillance and privacy breaches.
On August 15, researchers at Cybernews identified an unprotected Elasticsearch server that left vast amounts of personal and technical data exposed on the internet. The data has been traced back to Quran Kuran, an app developed by Istanbul-based Sigma Telecom.
What Data Was Exposed?
The breach included highly sensitive information, such as:
- Geodata
- Device and network identifiers
- MAC addresses (unique 12-digit hexadecimal codes for devices)
- IP addresses
- SIM serial numbers
- Carrier details
- Application-specific information
Why This Breach Matters
The leaked data, which contained detailed geolocation and device-specific identifiers, poses significant risks to users. According to Cybernews researchers, such information could be exploited by malicious actors for identity theft, cyber fraud, and even unauthorized surveillance.
“This level of exposure makes it easy for threat actors to pinpoint users’ places of residence by analyzing WiFi SSIDs,” Cybernews researchers noted. “SIM serial numbers can also be abused to track users’ movements, especially in scenarios like protests, where cellular traffic is often intercepted.”
The breach is particularly troubling given the recurring risks faced by the Muslim community in relation to data collection. In 2020, it was revealed that the US federal government purchased location data from popular Muslim prayer apps to conduct surveillance.
Threat to Privacy and Religious Freedom
The American Civil Liberties Union (ACLU) has previously expressed grave concerns over the misuse of such data, describing it as a threat to both privacy and religious freedom. “Data about religious beliefs is categorized as highly sensitive under laws like the CCPA and GDPR, given its potential for misuse by opposing groups for discrimination or violence,” Cybernews researchers emphasized.
Developer Response
After being alerted by Cybernews, the app’s developers secured access to the exposed server. However, an official response from Sigma Telecom has yet to be provided.