A hacker has just published Tokopediaโs stolen data of over 15 million records in a hacking forum. Tokopedia is Indonesiaโs Amazon, which is having over 90 million monthly active users. The hackerโs publication is for asking anyone the community to help him crack the hashed passwords so that he can breach into accounts. While thereโs no official comment from Tokopedia yet, users are suggested to change passwords as a precaution.
Tokopedia is Indonesiaโs largest e-commerce platform. Itโs has raised over $2.3 billion in a series of rounds to become one of the hottest tech unicorns of Indonesia. The site is similar to the USโs Amazon and Indiaโs Flipkart, an online marketplace for buying and selling goods. While the site claims if having around 90 million monthly active users, it has also over 7 million merchants selling items. Itโs ranked in Alexโs top 200 sites for having significant monthly traffic.
A Bunch Of Details
As ZDNet reported, an unknown hacker has posted a part of the huge database he stole from Tokopedia in March this year. The records consist of the userโs full name, email address, hashed password, phone number, and date of birth. Further, thereโs also a bunch related to Tokopedia like account creation date, last login, password reset codes, location details, email activation codes, messenger IDs, about-me fields, education, etc.
The database is a PostgreSQL dump, and the passwords are hashed with SHA2-384 algorithm, which is harder, but still possible to crack. Hacker has posted a part of this dump, asking others to try cracking password hash and access the account. Being tough, it gives users a significant amount of time to react to the issue, by changing their passwords to be safe.
An email request by ZDNet wasnโt answered yet, but Tokopedia says itโs investigating the matter to a breach monitoring firm, Under the Breach.