A hacker has just published Tokopedia’s stolen data of over 15 million records in a hacking forum. Tokopedia is Indonesia’s Amazon, which is having over 90 million monthly active users. The hacker’s publication is for asking anyone the community to help him crack the hashed passwords so that he can breach into accounts. While there’s no official comment from Tokopedia yet, users are suggested to change passwords as a precaution.
Tokopedia is Indonesia’s largest e-commerce platform. It’s has raised over $2.3 billion in a series of rounds to become one of the hottest tech unicorns of Indonesia. The site is similar to the US’s Amazon and India’s Flipkart, an online marketplace for buying and selling goods. While the site claims if having around 90 million monthly active users, it has also over 7 million merchants selling items. It’s ranked in Alex’s top 200 sites for having significant monthly traffic.
A Bunch Of Details
As ZDNet reported, an unknown hacker has posted a part of the huge database he stole from Tokopedia in March this year. The records consist of the user’s full name, email address, hashed password, phone number, and date of birth. Further, there’s also a bunch related to Tokopedia like account creation date, last login, password reset codes, location details, email activation codes, messenger IDs, about-me fields, education, etc.
The database is a PostgreSQL dump, and the passwords are hashed with SHA2-384 algorithm, which is harder, but still possible to crack. Hacker has posted a part of this dump, asking others to try cracking password hash and access the account. Being tough, it gives users a significant amount of time to react to the issue, by changing their passwords to be safe.
An email request by ZDNet wasn’t answered yet, but Tokopedia says it’s investigating the matter to a breach monitoring firm, Under the Breach.