Indonesian e-commerce platform Bukalapak has played down concerns about the data of its users being sold on the dark web after reports emerged that the startup unicorn was among those targeted in a huge hacking breach involving several sites and millions of users worldwide.
The hacker, known by the handle Gnosticplayers, recently put up for sale the data of six companies, totaling 26.42 million user data, on the dark web for US$4,940 in bitcoins. Bukalapak reportedly represented the biggest slice of the hacked data with the hacker having obtained 13 million user’s names, passwords, shopping details, IP addresses and more in July 2017.
Bukalapak today denied that Gnosticplayers ever breached their security but acknowledged in rather vague terms that there have been repeated attempts to breach the e-commerce site in the past.
“We are always upgrading our security system in Bukalapak to ensure the safety and comfort of our users and to ensure that important users data won’t be abused,” Bukalapak Head of Corporate Communications Intan Wibisono wrote in a press release today, as picked up by Kompas.
“There’s always a potential for hacking attempts like this in the digital industry,” she added.
The reason many are taking Gnosticplayers’ claims seriously is that he has, reportedly, already put up for sale over 840 million user records on the dark web over three sales rounds in the past month, and that’s excluding this latest round involving Bukalapak. Many of the companies whose data the hacker obtained in previous rounds have confirmed the breach. The hacker told ZDNet that some companies gave in to extortion demands so the breach would remain private.
Bukalapak, one of Indonesia’s four startup unicorns, says it has 50 million monthly active users and 4 million participating merchants in Indonesia.
Fast. Funny. Digital. We produce creativity that delights and influences customers. Join forces with us to slay buzzwords, rise above the noise, and sow the seeds of something great.