Guessing Malicious Threats From Tokopedia's Data Leaks
JAKARTA - Remember the leakage of 91 million Tokopedia user accounts in the hacker forum. Now someone has spread the credential data and can be downloaded freely.
Previously, the Tokopedia data leak was sold for 5,000 US dollars or around Rp.73.4 million in the marketplace. But somehow, an account called @Cellbris has shared this data for free on Raidforums, since July 3.
A cybersecurity expert from the Communication and Information System Security Research Center (CISSReC), Pratama Persadha, is actually worried about all the possible dangers from the leak of Tokopedia data that is distributed for free. Because the encrypted data of 9.5GB contains 91,174,216 million Tokopedia user accounts.
"If this data falls into the hands of an irresponsible person, it is very possible to be used as a basic source of criminal acts. The data that has been circulating can be used for crimes," Pratama said in a statement received by VOI, Monday, July 6.
Pratama gave an example that personal data taken from the Tokopedia leak can be used for profiling, scamming or phishing. From the data that is owned, someone could pretend to be Tokopedia and contact its users to reap the benefits.
In addition, there are many uses of personal data that can be used for specific purposes, for example applying for online loans (fintech). With the data held in the form of names, addresses, e-mails, phone numbers, it is possible to submit fintech on behalf of Tokopedia users whose data is leaked.
"Make it easier for the scammers to ask for some money claiming to be from any party, including Tokopedia,"
Pratama Persadha cybersecurity expert
The leak of millions of user data, according to Pratama, shows that Tokopedia has indeed been hacked, not just experiencing hacking attempts. He also regretted the weakness of Indonesian laws and regulations that had not covered cyber territory and the personal data of its people.
"The 91 million data leaks prove how weak our laws and regulations cover cyber and personal data. Once again, the Personal Data Protection Bill must be completed immediately and must regulate sanctions and technology standards that are implemented for electronic system operators," he stressed. Primary.
Without strict rules, it makes electronic system administrators both state and private cannot guarantee a good system and maintenance to safeguard important data and information. For example, the General Data Protection Regulation (GDPR) has been implemented in a number of countries in Europe to maintain data security.
"If there is negligence that results in a leak, the organizer can be subject to a fine with a maximum value of 20 million euros," he continued.
Tokopedia's responseIn his written statement, Tokopedia's VP of Corporate Communications, Nuraini Razak, said that he had coordinated with the authorities regarding the illegal dissemination of information on social media and internet forums regarding the stolen customer data.
"We have reported this to the police and have also reminded all parties to delete any information that facilitates access to data obtained through illegal means," said Nuraini.
He emphasized that this event was not an attempt to steal new data from Tokopedia user accounts. It guarantees that important data including Tokopedia user passwords remain safe, protected and encrypted.
"Tokopedia has conveyed information related to this data theft incident transparently and periodically to all users, coordinated with the government and various authorities regarding this data theft incident, and has implemented security measures according to international standards," concluded Nurani.