The Jakarta Post
E-commerce platform Tokopedia has announced that it has appointed an independent global institution specializing in cybersecurity to improve its security system following the recent data breach that affected millions of its users.
The decision was publicized in a letter sent by the Tokopedia CEO William Tanuwijaya to all its users on Tuesday, more than a week after the report on the data breach circulated.
“On May 2, 2020, we became aware of a theft of Tokopedia users’ personal data by an unauthorized third party,” William said in the letter.
He said the company had taken steps to address the incident, including informing all users, commencing an investigation and taking necessary actions to ensure the safety and security of its users’ accounts and transactions.
“In addition to a thorough internal investigation, we have also appointed a top independent global institution specializing in cybersecurity to help investigate the data theft and identify additional protection enhancements for our users’ data,” he said.
Cybersecurity research collective Under the Breach previously reported that up to 91 million records, including email addresses and encrypted passwords from the company’s user database were put up for sale on the dark web for US$5,000.
Since then, Tokopedia has been collaborating with government agencies including the Communications and Information Ministry and the National Cyber and Encryption Agency (BSSN) to investigate the incident.
William continued by saying that the company continuously built, developed and improved its procedures and prevention and mitigation measures in its security systems according to the best standards in the world.
“As an added precaution, we have advised all users of additional steps they should take to ensure they are protected, such as changing their password on Tokopedia, not using the same password on other digital platforms and not sharing OTP codes with anyone for any reason,” he said, adding that user passwords were encrypted with one-way encryption.
Previously, Communications and Information Minister Johnny G. Plate said that users' financial data were “safe” after a meeting with Tokopedia’s board of directors.
“Tokopedia has explained that user accounts and financial data are safe,” the minister said. “It was conveyed [during the meeting that Tokopedia’s] security system cannot be breached, although data relating to names, emails and telephone numbers may have partly been accessed by hackers.”