Millions of Tokopedia e-commerce account breached, Govt responds it

Last updated on May 7th, 2021 at 08:57 am

Tokopedia, one of the largest e-commerce companies in Indonesia has been breached its million user accounts.

According to Tokopedia representative, the company itself is investigating a rumored breach to more than 15 million of its customer accounts.

“We found attempts to steal data from Tokopedia users, but Tokopedia ensured that important user information, such as passwords, remain protected,” Nuraini Razak, Tokopedia’s vice president of corporate communication, said in the statement.

She stated that company at present continue to investigate this case.

“We always try to maintain the confidentiality of user data because Tokopedia’s business is a business of trust. User data security is Tokopedia’s top priority,” Nuraini said.

The case was earlier reported by ZDNet, an American technology news website, saying a hacker leaked 15 million Tokopedia user accounts following an exploit in March.

We found attempts to steal data from Tokopedia users, but Tokopedia ensured that important user information, such as passwords, remain protected,” Nuraini Razak, Tokopedia’s vice president of corporate communication, said.

The data that have been leaked contain emails, hashed passwords, and user names but did not contain a critical feature that would allow the hacker to crack the hashed password immediately, the report said.

That should give time to compromised Tokopedia users to change their password.

“Although the user’s passwords and other crucial information are still protected behind encryption, we encourage Tokopedia users to keep changing their account passwords regularly for security and convenience,” Nuraini noted.

In fact, the account Twitter @underthebreach said the hacker had sold the Tokopedia database of 91 million accounts for US$5,000 (Rp74.5 million) on the Darknet.

Following an alleged data breach experienced by Tokopedia, Cyber security expert from Vaksin.com, Alfons Tanujaya, said that the breached information were usernames, email addresses, date of births, and telephone numbers. “Nearly 100 percent of Tokopedia user accounts have been breached,” he said as quoted by Tempo, May 3, 2020.

Alfons reminded two possible threats that might occur to the account holders, namely phishing and brute force. “Exploitation of email data, cellphone numbers and other sensitive data such as birth dates are very vulnerable to be used for phishing, scam and telemarketing activities,” he said.

According to him, the brute force method is easily prevented. “Just give them time pendings, one mistaken password from the hacker means they get 10 minutes pending, twice means 20 minutes pending, three times means 40 minutes pending, and so on, so the hack will not work,” he explained.

Meanwhile, if phishing happens, the loss depends on the victim. “If the account holders were successfully deceived and not get an update, they could easily enter their credentials into fake sites,” he added.

All online services are targeted by hackers, like what Alfons said. However in Tokopedia case right now, according to him, is still relatively not too dangerous. “It’s still good to have a hash (encrypted) and has implemented TFA (Two Factor Authentication), so the user accounts are safe,” he said.

The same thing was conveyed by IT experts from Drone Emprit and Kernels Indonesia, Ismail Fahmi regarding the alleged burglary of 91 million user accounts for Tokopedia e-commerce. According to him, the IT system in Tokopedia is actually relatively safe.

OTP:

“Tokopedia has OTP (One Time Password). So once every login, OTP will be sent via SMS or WhatsApp,” he said as quoted by CNBC Indonesia, Sunday, May 3, 2020.

However, the most important aspect is not about the password on the Tokopedia site for this case, according to Ismail, but rather the leaked personal data.

For information, Tokopedia has more than 7 million merchants on its platform, serving more than 90 million visitors every month, according to the company’s recent statement.

Meanwhile, the Communication and Informatics Minister Johnny G. Plate on Sunday urged the Indonesian e-commerce to guarantee the security of its users’ personal data.

“The first thing that needs to be done by Tokopedia is to immediately improve its security system to prevent a further breach in data,” said the minister in Sunday’s written release.

Johnny also called for Tokopedia to notify users that might have been exposed to the hackers and to conduct a thorough internal investigation on the incident to find out those responsible for exposing personal data at risk.

For the update, he also said that the ministry will soon receive the full report regarding the incident after it is completed by Tokopedia.

Moreover, Johnny reminded that e-commerce is required to adhere to the government’s standard on personal data protection standards overseen by the Government Regulation No.71 on electronic systems and transactions.

On Monday, May 4, Johnny stated that the government, along with the Indonesian House of Representative (DPR), continues to accelerate efforts in ratifying the Personal Data Protection Bill (RUU PDP).

Noto

Jakarta-based Newswriter for The Asian Affairs. A budding newswriter that always keep track of the latest trends and news that are happening in my country Indonesia.

Recent Posts

Bangchak Reduces the Price of Premium Oil to 5 baht Ahead of Christmas & New Year

BCP (Bangchak Corporation Petroleum Public Company Limited) has announced a New Year gift to the users of BCP Premium oil…

December 23, 2024

Vietnam International Defense Expo 2024

The 2024 Vietnam International Defense Expo was inaugurated by the Prime Minister Pham Minh Chinh on December 19, 2024 and…

December 22, 2024

Shooting concludes: Stranger Things 5 to release on Netflix in 2025

Created by the Duffer Brothers, Stranger Things is one of the most popular sci-fi horror series globally. It is set…

December 21, 2024

China’s Hypersonic Expansion in Asia Raises Alarms for India

According to the US Department of Defense, China has now produced the most sophisticated supply of hypersonic weapons in the…

December 21, 2024

Melaka International Halal Festival 2024

The Melaka International Halal Festival 2024 aims to turn the city as the prime center of the Halal products and…

December 21, 2024

Chunichi Dragons Renews the Contract of Hiroto Takahashi with Annual Salary of 120 million yen

On Saturday, the stalwart of Chunichi Dragons Pitcher, Hiroto Takahashi attended the negotiation for his contract renewal for the next…

December 21, 2024

This website uses cookies.

Read More