TheJakartaPost

Please Update your browser

Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.

Jakarta Post

Tokopedia appoints independent cybersecurity company to investigate data theft

  • Eisya A. Eloksari

    The Jakarta Post

Jakarta   /   Tue, May 12, 2020   /   03:37 pm
Tokopedia appoints independent cybersecurity company to investigate data theft Tokopedia has appointed an independent global cybersecurity institution to help investigate the recent data theft. (Antara/Puspa Perwitasari)

E-commerce platform Tokopedia has announced that it has appointed an independent global institution specializing in cybersecurity to improve its security system following the recent data breach that affected millions of its users.

The decision was publicized in a letter sent by the Tokopedia CEO William Tanuwijaya to all its users on Tuesday, more than a week after the report on the data breach circulated.

“On May 2, 2020, we became aware of a theft of Tokopedia users’ personal data by an unauthorized third party,” William said in the letter.

He said the company had taken steps to address the incident, including informing all users, commencing an investigation and taking necessary actions to ensure the safety and security of its users’ accounts and transactions.

“In addition to a thorough internal investigation, we have also appointed a top independent global institution specializing in cybersecurity to help investigate the data theft and identify additional protection enhancements for our users’ data,” he said.

Cybersecurity research collective Under the Breach previously reported that up to 91 million records, including email addresses and encrypted passwords from the company’s user database were put up for sale on the dark web for US$5,000.

Since then, Tokopedia has been collaborating with government agencies including the Communications and Information Ministry and the National Cyber and Encryption Agency (BSSN) to investigate the incident.

William continued by saying that the company continuously built, developed and improved its procedures and prevention and mitigation measures in its security systems according to the best standards in the world.

“As an added precaution, we have advised all users of additional steps they should take to ensure they are protected, such as changing their password on Tokopedia, not using the same password on other digital platforms and not sharing OTP codes with anyone for any reason,” he said, adding that user passwords were encrypted with one-way encryption.

Previously, Communications and Information Minister Johnny G. Plate said that users' financial data were “safe” after a meeting with Tokopedia’s board of directors.

“Tokopedia has explained that user accounts and financial data are safe,” the minister said. “It was conveyed [during the meeting that Tokopedia’s] security system cannot be breached, although data relating to names, emails and telephone numbers may have partly been accessed by hackers.”