Again, User Data Hacked E-commerce Site

JAKARTA - The news of hacking of Indonesian-based e-commerce sites has occurred again. After the Tokopedia user data leak, now a group of hackers named ShinyHunters claims to have 1.2 million user data on the Bhinneka.com site.

Launching from the ZDnet page, this group also claims to have a number of account data from 10 other sites. All of this data will be traded on the dark web site.

This group of hackers also shared some samples from the database which they managed to break into. As proof that they already have user data records from these sites.

Apart from Bhinneka, the nine other sites that were hacked by the group included the online dating app Zoosk, the South Korean fashion platform, SocialShare, the online newspaper Chronicle of Higher Education, the printing company Chatbooks, and the United States newspaper StarTribune.

Data samples shared by the ShinyHunters hacker group (doc.ZDnet)

Separately, Bhinneka's Group Head, Brand Communication & PR, Astrid Warsito, said that his party was investigating the news of the breakdown of user data from its website and being traded on the dark web. As a precautionary measure, he urged his customers to immediately change and change his old password.

"Until now, we are still investigating the truth of the news and also investigating Bhinneka's internal system regarding the allegation," Astrid said in his short message.

Astrid explained, Bhinneka has implemented the global security standard of TUV Rheinland's PCI DSS (Payment Card Industry Data Security Standard) to protect customers. Bhinneka also emphasized that customer passwords in the database are always encrypted, and do not store credit or debit card data.

"We also inform you that customer passwords in the database are always encrypted. However, it is good that we together avoid any bad intentions and prevent them together," he explained.

PR DPR Discussing Personal Data Protection Bill

In fact, the DPR has received the draft Personal Data Protection (PDP) Bill from the Ministry of Communication and Informatics. It's just that discussions on the PDP Bill have stalled since the COVID-19 pandemic broke out.

According to DPR RI Commission I member Abdul Kadir Karding, the PDP Bill is being prepared to enter the National Legislation Program. The recognition of the COVID-19 pandemic, is indeed quite hindering the performance and discussion of this kind of regulation.

"The personal data protection law is important and strategic in an era like today. Moreover, it can provide security guarantees for online transactions and information data can be maintained and protected by the state," Karding said when confirmed with VOI.

In detail, the PDP Law regulates the security mechanism for user information data and electronic transactions. So it is hoped that it can provide legal certainty if personal data is misused by other people or parties.

The draft PDP Bill contains 80 articles, one of which regulates a fine of IDR 100 billion for parties who process personal data without permission. This draft has also been submitted to the House of Representatives (DPR) around February 2020.