Tokopedia, Indonesia’s largest e-commerce platform, has allayed fears that its users’ payment information have been compromised as the startup unicorn moves to probe reports of a massive data leak.
On Saturday, Israel-based data breach monitoring and prevention service Under the Breach tweeted that a hacker had leaked Tokopedia’s database of 15 million users, containing their personal information, emails, and password hashes. Under the Breach then followed that up with another tweet saying that the hacker had obtained Tokopedia’s full database of 91 million users and was selling it on the Darknet for US$5,000.
UPDATE: same actor is now selling the full database with allegedly 91,000,000 records for $5,000 on the Darknet.
This is really bad, make sure you change your passwords for other services in case you are re-using passwords. pic.twitter.com/bGOnAhmQ7e
— Under the Breach (@underthebreach) May 2, 2020
According to Under the Breach, the hack occurred in March 2020.
As the news quickly spread to Indonesia, Tokopedia said it is carrying out a probe into the alleged data hack while reassuring users that their payment information are secure.
“There is no payment data leak. All transactions with all methods of payments, including by debit card, credit card, and OVO in Tokopedia are still secure,” Tokopedia VP of Corporate Communications Nuraini Razak told reporters yesterday, as quoted by CNN Indonesia.
Tokopedia has confirmed an attempted personal data breach but has yet to divulge details on whether or not the hacker had successfully infiltrated its database as reported by Under the Breach. Nevertheless, the e-commerce platform says that users regularly updating passwords is a diligent practice for all digital services.
Tokopedia is set to meet with the Communications and Information Ministry today to explain the alleged hack and share the findings of its investigation into the matter.
Subscribe to The Coconuts Podcast for top trending news and pop culture from Southeast Asia and Hong Kong.