Troy HuntMar 15
Have I Been Pwned
New breach: Turkish restaurant chain Baydöner had 1.2M unique email addresses exposed last week. Data also included name, phone number, city and plaintext password. 28% were already in @haveibeenpwned. Read more: https://haveibeenpwned.com/Breach/Baydoner
Have I Been Pwned: Baydöner Data Breach

In March 2026, the Turkish restaurant chain Baydöner suffered a data breach which was subsequently published to a public hacking forum. The incident exposed over 1.2M unique email addresses along with names, phone numbers, cities of residence and plaintext passwords. A small number of records also included Turkish national ID number and date of birth. In their disclosure notice, Baydöner stated that payment and financial data was not affected.

Have I Been Pwned
Mar 15 at 3:43amWeb
Show threadBernard SheppardMar 15
@haveibeenpwned I love those "we haven't let your credit card details out, so it's all cool" caveats when they've just handed out the password that 10% of their customers probably use for their banking.
Show threadPolixgenMar 15
All Turkish banks enforce users to use 6 digit number only password. I dont think any site would allow that weak password.
Show threadBernard SheppardMar 15
@Polixgen That would explain the weak password also enforced by Turkish Airlines - so I wouldn't put it past another Turkish site to follow the best practice set by Turkish banks.