Massive Data Leak Exposes Millions of Muslim App Users

Downloaded over 1 million times from the Google Play Store, the app is widely used by Muslims to read, study, and learn the Quran, as well as for assistance with prayer practices.
colorful code
Photo: Markus Spiske

A major data leak involving the Turkish app Quran Kuran has potentially exposed over 3.6 million sensitive records, putting millions of Muslims at risk of unauthorized surveillance and privacy breaches.

On August 15, researchers at Cybernews identified an unprotected Elasticsearch server that left vast amounts of personal and technical data exposed on the internet. The data has been traced back to Quran Kuran, an app developed by Istanbul-based Sigma Telecom.

What Data Was Exposed?

The breach included highly sensitive information, such as:

  • Geodata
  • Device and network identifiers
  • MAC addresses (unique 12-digit hexadecimal codes for devices)
  • IP addresses
  • SIM serial numbers
  • Carrier details
  • Application-specific information

Why This Breach Matters

The leaked data, which contained detailed geolocation and device-specific identifiers, poses significant risks to users. According to Cybernews researchers, such information could be exploited by malicious actors for identity theft, cyber fraud, and even unauthorized surveillance.

“This level of exposure makes it easy for threat actors to pinpoint users’ places of residence by analyzing WiFi SSIDs,” Cybernews researchers noted. “SIM serial numbers can also be abused to track users’ movements, especially in scenarios like protests, where cellular traffic is often intercepted.”

sample quran kuran

The breach is particularly troubling given the recurring risks faced by the Muslim community in relation to data collection. In 2020, it was revealed that the US federal government purchased location data from popular Muslim prayer apps to conduct surveillance.

Threat to Privacy and Religious Freedom

The American Civil Liberties Union (ACLU) has previously expressed grave concerns over the misuse of such data, describing it as a threat to both privacy and religious freedom. “Data about religious beliefs is categorized as highly sensitive under laws like the CCPA and GDPR, given its potential for misuse by opposing groups for discrimination or violence,” Cybernews researchers emphasized.

Developer Response

After being alerted by Cybernews, the app’s developers secured access to the exposed server. However, an official response from Sigma Telecom has yet to be provided.

Subscribe to our channels on WhatsApp, Google News, Facebook and Instagram.

Support independent Islamic website.

Support our mission to spread Islamic knowledge. Your donation helps our volunteer writers and infrastructure. Contribute now.

Accepted Payment Methods
Total
0
Shares
Share
Tweet
Pin it
Share
Share
Share
Subscribe
Notify of
guest

0 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Previous Article
dua

Place, Time and People For Acceptance of Dua in Islam

Next Article
Daves Hot Chicken

Is Dave's Hot Chicken Halal? Can Muslims Eat It? [year]

Related Posts