Dark Web News Analysis
Cybersecurity intelligence from early 2026 has identified a high-priority listing involving SADENET (sadenet.com.tr). This incident is linked to a broader 2025-2026 trend where small-to-medium ISPs in Turkey have been targeted through vulnerabilities in shared management platforms.
The threat actor alleges they gained access via a persistent backdoor or a default management password within the RoyalSRM software, a tool commonly used by smaller ISPs for subscriber and network management. The exfiltrated data reportedly includes:
- Personally Identifiable Information (PII): Full names, verified phone numbers, and physical home addresses.
- Sensitive National Identifiers: TC ID Numbers (T.C. Kimlik No), which are the primary key for all government, banking, and legal services in Turkey.
- Device Metadata: Equipment serial numbers, which can be used to identify specific hardware configurations and potential entry points for network-level attacks.
- Communication Logs: Verified email addresses associated with the subscriber accounts.
- Scale of Impact: The dump contains approximately 169,213 unique user records, representing a near-total compromise of the provider’s active subscriber base.
Key Cybersecurity Insights
The breach of an ISP via a management software backdoor represents a “Tier 1” threat due to the high-trust relationship between the provider and the subscriber:
- Industrialized “Identity Theft” (TC ID Fraud): This is the most severe risk. In Turkey, the TC ID number is a “Golden Record.” Armed with this and a verified address, attackers can bypass “Knowledge-Based Authentication” for various state and financial services.
- Vulnerability Persistence in RoyalSRM: The reported “persistent backdoor” in RoyalSRM, if confirmed, indicates a systemic failure. If other ISPs are running this software unpatched or with default “management” credentials, a single threat actor could compromise multiple regional providers simultaneously, creating a “ripple effect” of data theft.
- Hyper-Targeted “Technical Support” Phishing: Armed with device serial numbers and phone numbers, scammers can launch lures that are 100% convincing. A customer is significantly more likely to trust a call or SMS regarding “urgent modem updates” or “billing adjustments” if the caller identifies their specific equipment serial number.
- Regulatory Compliance (KVKK): Under the Turkish Personal Data Protection Law (KVKK), a breach of this scale involving 169,000 citizens triggers mandatory reporting and can result in administrative fines reaching millions of Lira.
Mitigation Strategies
To protect your digital identity and ensure network security following this exposure, the following strategies are urgently recommended:
- Immediate Password Rotation for SADENET Portals: If you are a SADENET subscriber, change your portal password immediately. CRITICAL: Ensure you use a unique, complex passphrase and never reuse it for your primary email, e-Devlet, or banking apps.
- Enforce App-Based Multi-Factor Authentication (MFA): Move beyond simple passwords. Enable app-based MFA on all high-value portals so that an attacker who holds your leaked TC ID still cannot take over those accounts.
- Verify Hardware and Software Security: If your ISP uses RoyalSRM, ensure they have patched the backdoor and rotated all administrative credentials. As a user, check your router settings and disable any “Remote Management” features that might expose your local network to the internet.
- Zero Trust for “Technical Support” Communications: Treat any unsolicited call or SMS claiming to be from “SADENET Support” asking for your “TC ID” or “Password” with extreme caution. Always verify the request by calling the official customer service line directly.
Secure Your Future with Brinztech — Global Cybersecurity Solutions
From regional ISPs and telecommunications providers to global enterprise groups, Brinztech provides the strategic oversight necessary to defend against evolving digital threats. We offer expert consultancy to audit your current IT policies and GRC frameworks, identifying critical vulnerabilities in your third-party management software and subscriber registries before they can be exploited. Whether you are protecting a national user base or a private corporate network, we ensure your security posture translates into lasting technical resilience—keeping your digital footprint secure, your customers’ data private, and your future protected.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com