Tokopedia, Indonesia’s largest e-commerce platform, has allayed fears that its users’ payment information have been compromised as the startup unicorn moves to probe reports of a massive data leak.
On Saturday, Israel-based data breach monitoring and prevention service Under the Breach tweeted that a hacker had leaked Tokopedia’s database of 15 million users, containing their personal information, emails, and password hashes. Under the Breach then followed that up with another tweet saying that the hacker had obtained Tokopedia’s full database of 91 million users and was selling it on the Darknet for US$5,000.
According to Under the Breach, the hack occurred in March 2020.
As the news quickly spread to Indonesia, Tokopedia said it is carrying out a probe into the alleged data hack while reassuring users that their payment information are secure.
“There is no payment data leak. All transactions with all methods of payments, including by debit card, credit card, and OVO in Tokopedia are still secure,” Tokopedia VP of Corporate Communications Nuraini Razak told reporters yesterday, as quoted by CNN Indonesia.
Tokopedia has confirmed an attempted personal data breach but has yet to divulge details on whether or not the hacker had successfully infiltrated its database as reported by Under the Breach. Nevertheless, the e-commerce platform says that users regularly updating passwords is a diligent practice for all digital services.
Tokopedia is set to meet with the Communications and Information Ministry today to explain the alleged hack and share the findings of its investigation into the matter.