The Jakarta Post
Consumer electronics e-commerce platform Bhinneka.com may have become the latest target of data theft following reports of two similar cases concerning e-commerce platforms Tokopedia and Bukalapak earlier this month.
The data of up to 1.2 million Bhinneka.com users is reportedly being sold on the dark web for US$1,200 by a hacker group called ShinyHunters. The group is believed to be the same cybercrime organization responsible for the reported Tokopedia and Bukalapak data breaches.
ShinyHunter is said to have the data of 73.2 million users from 10 digital companies, including Bhinneka.com. The entire collection of data is being sold for $18,000, Kompas.com reported.
“We are currently investigating our internal system with the National Cyber and Encryption Agency (BSSN) in regard to the alleged data breach,” said Bhinneka.com chief of commercial and omnichannel Vensia Tjhin in a statement on Tuesday.
She added that Bhinneka.com implemented a global data security standard called TUV Rheinland's Payment Card Industry Data Security Standard (PCI DSS) to protect its customers.
Customers’ passwords in the database were always encrypted, she said, adding that the company did not store credit or debit card data or electronic money and other digital goods data.
“However, it is best for our customers to change their passwords as a preventive measure,” Vensia said.
The reported cyberattack on Bhinneka.com is the third reported data theft attempt on a homegrown e-commerce platform in recent weeks, at a time when online shopping has become more essential amid the COVID-19 pandemic.
Tokopedia CEO William Tanuwijaya wrote a letter to the platform's users on Tuesday, more than a week after reports of the data breach first circulated, explaining that the company became aware of the data theft on May 2. Meanwhile, Bukalapak has denied reports of a data breach, maintaining its customers data was safe. (eyc)