Tokopedia probes alleged data leak of 91 million users

Indonesia’s largest e-commerce platform is investigating claims that the details of its users had been leaked online


Reuters May 04, 2020
Founder and CEO of Indonesian e-commerce firm Tokopedia, William Tanuwijaya, poses for a photograph at Tokopedia headquarters in Jakarta, Indonesia, July 25, 2019. PHOTO: REUTERS

SINGAPORE: Tokopedia, Indonesia’s largest e-commerce platform, said it was investigating an attempted hack and claims that the details of millions of its users had been leaked online.

“We found that there had been an attempt to steal data from Tokopedia users,” a spokesman for the company said in a statement late Saturday.

“However, Tokopedia ensures that crucial information such as passwords remains successfully protected behind encryption.”

“At this moment, we continue to investigate further into this matter and there is no additional information that we can share,” the statement added.

Google travel data show lockdown fatigue

Data breach monitoring firm Under the Breach published a Twitter post on Saturday showing screenshots from an unnamed individual who claimed he had acquired the personal details of 15 million Tokopedia users during a March 2020 hack on the e-commerce site.

According to the screenshots, which show names, emails and birthdays, the hacker alleges he or she is in possession of a much bigger user database and asks for assistance to “crack” users’ passwords.

Under the Breach, which monitors cybercrime, said on Sunday the hacker had updated the post to offer the details of 91 million users for “$5,000 on the Darknet”. The firm shared a screenshot of the hacker’s proposed offer posted online.

TikTok surpasses 2 billion downloads, records best quarter for any app ever

Backed by $2 billion in funding from investors including SoftBank Group Corp’s Vision Fund and Alibaba, Tokopedia, whose founder and CEO William Tanuwijaya is one of the country’s most prominent tech entrepreneurs, claims more than 90 million monthly active users.

A Tokopedia spokesman declined to comment directly on the hacker’s claims but told Reuters on Sunday that “all transactions with all payments methods at Tokopedia ... remain secure.”

COMMENTS

Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ