The group wrote on its official Twitter page @underthebreach that the hack occurred in March and affected personal information belonging to more than 15 million users.

The full database – which reportedly includes 91 million records consisting of email addresses, password hashes (an encrypted form of users’ passwords) and names of Tokopedia users – has now been put up for sale on the dark web for US$5,000 by a member of data-exchange platform Raid Forums, the group said.

Actor leaked the database of Tokopedia - a large Indonesian technology company specializing in e-commerce.

(@tokopedia)

- Hack occurred in March 2020 and affects 15,000,000 users though the hacker said there are many more.

- Database contains emails, password hashes, names pic.twitter.com/CZTYImj6jA

— Under the Breach 🦠 (@underthebreach) May 2, 2020

Tokopedia spokesperson Nuraini Razak confirmed that a breach had taken place but claimed the company had ensured the security of its users’ personal data.

 “We have detected an attempt to steal data belonging to Tokopedia users. However, we have made sure that our users’ personal information, such as passwords, remain protected,” Nuraini said in a statement on Saturday.

Nevertheless, she urged Tokopedia users to change their passwords to prevent data thieves from misusing their accounts despite the platform’s encryption measures.

“Although passwords and other crucial user data remain encrypted, we still encourage Tokopedia users to change their passwords periodically to ensure their safety and security,” Nuraini said.

Data related to payment methods stored on Tokopedia, such as credit cards, debit cards and e-wallet information, was not affected by the breach, she said, adding that the company was investigating the breach.

Popular

Indonesia one step from Olympics after beating South Korea

Opposition weakens as rivals pledge support for Prabowo

Golden generation