TheJakartaPost

Please Update your browser

Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.

Jakarta Post

Data breach jeopardizes more than 15 million Tokopedia users, report finds

  • Rizki Fachriansyah
    Rizki Fachriansyah

    The Jakarta Post

Jakarta   /   Sun, May 3, 2020   /   04:28 pm
Data breach jeopardizes more than 15 million Tokopedia users, report finds Tokopedia has about 90 million active users in Indonesia. (Shutterstock/Dedy Pramu)

Homegrown e-commerce unicorn Tokopedia has had its internal database breached by an as-yet unidentified party, resulting in a massive data leak that has affected millions of its users, according to a recent report by cybersecurity research collective Under the Breach.

The group wrote on its official Twitter page @underthebreach that the hack occurred in March and affected personal information belonging to more than 15 million users.

The full database – which reportedly includes 91 million records consisting of email addresses, password hashes (an encrypted form of users’ passwords) and names of Tokopedia users – has now been put up for sale on the dark web for US$5,000 by a member of data-exchange platform Raid Forums, the group said.

Tokopedia spokesperson Nuraini Razak confirmed that a breach had taken place but claimed the company had ensured the security of its users’ personal data.

 “We have detected an attempt to steal data belonging to Tokopedia users. However, we have made sure that our users’ personal information, such as passwords, remain protected,” Nuraini said in a statement on Saturday.

Nevertheless, she urged Tokopedia users to change their passwords to prevent data thieves from misusing their accounts despite the platform’s encryption measures.

“Although passwords and other crucial user data remain encrypted, we still encourage Tokopedia users to change their passwords periodically to ensure their safety and security,” Nuraini said.

Data related to payment methods stored on Tokopedia, such as credit cards, debit cards and e-wallet information, was not affected by the breach, she said, adding that the company was investigating the breach.