A hacker has just published Tokopediaโ€™s stolen data of over 15 million records in a hacking forum. Tokopedia is Indonesiaโ€™s Amazon, which is having over 90 million monthly active users. The hackerโ€™s publication is for asking anyone the community to help him crack the hashed passwords so that he can breach into accounts. While thereโ€™s no official comment from Tokopedia yet, users are suggested to change passwords as a precaution.

Tokopedia is Indonesiaโ€™s largest e-commerce platform. Itโ€™s has raised over $2.3 billion in a series of rounds to become one of the hottest tech unicorns of Indonesia. The site is similar to the USโ€™s Amazon and Indiaโ€™s Flipkart, an online marketplace for buying and selling goods. While the site claims if having around 90 million monthly active users, it has also over 7 million merchants selling items. Itโ€™s ranked in Alexโ€™s top 200 sites for having significant monthly traffic.

Tokopedia Data Leak
Tokopedia Data Leak

A Bunch Of Details

As ZDNet reported, an unknown hacker has posted a part of the huge database he stole from Tokopedia in March this year. The records consist of the userโ€™s full name, email address, hashed password, phone number, and date of birth. Further, thereโ€™s also a bunch related to Tokopedia like account creation date, last login, password reset codes, location details, email activation codes, messenger IDs, about-me fields, education, etc.

The database is a PostgreSQL dump, and the passwords are hashed with SHA2-384 algorithm, which is harder, but still possible to crack. Hacker has posted a part of this dump, asking others to try cracking password hash and access the account. Being tough, it gives users a significant amount of time to react to the issue, by changing their passwords to be safe.

An email request by ZDNet wasnโ€™t answered yet, but Tokopedia says itโ€™s investigating the matter to a breach monitoring firm, Under the Breach.

LEAVE A REPLY

Please enter your comment!
Please enter your name here