Hacked Data, Tokopedia Asks Users To Change Password
JAKARTA - Data on users of the online buying and selling application Tokopedia was reportedly leaked and sold illegally. This issue is widely discussed on social media. In fact, Tokopedia became a trending topic on Twitter.
VP of Corporate Communications Tokopedia, Nuraini Razak, admitted that there were attempts to hack user data. However, Nuraini emphasized that he did not know who hacked Tokopedia because it is currently still under investigation.
"Regarding the issues circulating, we have found an attempt to steal data against Tokopedia users," said Nuraini in an official statement received by VOI, Sunday, May 3.
However, Nuraini ensures that all important information, such as passwords and crucial user information, is not leaked and has been successfully protected from outside parties.
Even though passwords and crucial user information are protected behind encryption, Nuraini still encourages Tokopedia users to periodically change their account passwords for security and convenience.
"Tokopedia also implements multiple layers of security, including OTP which can only be accessed in real time by the account owner, so we always educate all users not to provide OTP codes to anyone and for any reason," he said.
Initially, the news of Tokopedia's data hacking was revealed by the Twitter account @underthebreach. In his tweet, @underthebreach said the hackers had data on 15 million Tokopedia user accounts.
This data was sold on the dark web in March 2020. The selling price of Tokopedia user data is US $ 5,000 or the equivalent of Rp.73.4 million.
The data collected is in the form of password hashes, names and e-mail addresses. The hacked data also includes date of birth, e-mail activation code, password reset code, location details, messenger ID, hobbies, education, account creation time and last log-in time.
Even so, hackers still can't crack the hash algorithm because they haven't been able to bypass the specific "salt" code. This code serves to protect the user's password with an algorithm.
Actor leaked the database of Tokopedia - a large Indonesian technology company specializing in e-commerce. (@ Tokopedia) - Hack occurred in March 2020 and affected 15,000,000 users though the hacker said there are many more.- Database contains emails, password hashes, names pic.twitter.com/CZTYImj6jA
- Under the Breach 🦠 (underthebreach) May 2, 2020