Tokopedia, Indonesia’s largest e-commerce platform, has eased fears that its users’ payment-information has been compromised. The company investigated an attempted hack and claimed that the details of millions of its users had leaked online.
On Saturday, Israel-based data breach monitoring and prevention service Under the Breach tweeted that a hacker had leaked Tokopedia’s database. Its database has 15 million users, containing their personal information, emails, and password hashes.
Under the Breach has followed that up with another tweet saying that the hacker had obtained the company’s full database. And that the hacker was selling its full database of 91 million users on the Darknet for US$5,000.
Tokopedia’s spokesman said on Saturday that they discovered an attempt to steal data from its users. However, the company ensures that crucial information such as passwords remains successfully protected behind encryption.
They’ll continue to investigate further into this matter and there is no additional information that they can share, he added.
As the news spread to Indonesia, the company said it is carrying out a probe into the alleged data hack. It reassures users that their payment information is secure.
There’s no payment data leak, all methods of payments including debit card, credit card, and OVO are secure. This was a statement from its VP of Corporate Communications Nuraini Razak.
The startup unicorn has confirmed an attempted personal data breach. But it has yet to divulge details on whether or not the hacker had successfully infiltrated its database.
Nevertheless, it said that users regularly updating passwords is a diligent practice for all digital services.
The e-commerce platform will meet with the Communications and Information Ministry today. This is to explain the alleged hack and share the findings of its investigation into the matter.
The data breach monitoring firm Under the Breach’s Twitter post on Saturday showed screenshots from an unnamed individual. The hacker was claiming he/she acquired the personal details of Tokopedia’s 15 million users.
Under the Breach said the hacking on Indonesia’s largest online store occurred in March 2020.
The hacker claimed the data gathering occurred during an intrusion that took place during that time. And that is only a small part of the site’s entire user database that was obtained in the hack.
The file was a PostgreSQL database dump, showing names, emails, and birthdays of Tokopedia’s users. Moreover, the hacker alleged he or she possessed a much bigger user database.
The leaker was sharing the user’s sample in the hopes someone could help crack the user passwords. This way, they could be used to access user accounts.
Two billion dollars in funding supports Tokopedia from investors including SoftBank Group Corp’s Vision Fund and Alibaba. Its founder and CEO William Tanuwijaya is one of the country’s most prominent tech entrepreneurs. It claims more than 90 million monthly active users.
Its spokesman declined to comment directly on the hacker’s claims but said all transactions with all payments methods remain secure.
- Interested in Online Trading with Alibaba Stocks? Read WiBestBroker’s comprehensive review on HQBroker.