Bjorka Is Back! Claims Broke More Than 19 Million BPJS Employment Data

Caption of the BPJS Employment data screen claimed by Bjorka. (photo: Twitter @p4c3n0g3)

JAKARTA - After months of disappearance, Bjorka is acting up again. This time, the phenomenal hacker has claimed another victim, who is none other than the Employment Social Security Administration Agency (BPJS).

In Bjorka's upload on the Breached forum on Sunday, March 12 yesterday, he showed that he had obtained 19,564,922 data from BPJS Ketenagakerjaan members consisting of Population Identification Number (NIK), name, email, cellphone number, address, place of birth date, gender, job, place of work and others.

Apart from that, Bjorka also deliberately provided 100,000 data from Aceh Province as a free sample. However, for the rest he sold 10,000 US dollars, equivalent to IDR 153 million, and only accepted payment in Bitcoin.

"IF YOU WANT TO BUY MY DATABASES, JUST PM ME ON BF OR CONTACT ME ON TELEGRAM WITH THE FOLLOWING FORMAT: "I WANT TO BUY DATA [DATA NAME]". OTHER THAN USING THAT FORMAT I WILL IGNORE BECAUSE I RECEIVE A LOT OF SPAM ON TELEGRAM. BECAUSE THE PREVIOUS CHANNEL HAS BEEN CLOSED AGAIN BY TELEGRAM AND THIS HAS HAPPENED 5 TIMES, PLEASE JOIN MY NEWEST TELEGRAM CHANNEL BY VISITING MY WEBSITE https://bjork.ai," wrote Bjorka in the forum.

Furthermore, responding to the actions of Bjorka, a security researcher and open-source intelligence (Osint) enthusiast, Mario via his Twitter page has proven that not all of the samples obtained by the hackers were suitable.

"Bjorka is back again! Yesterday 12/03/23 Bjorka claimed to have 5GB of @BPJSTKinfo data. There were 100k sample data containing NIK, FULL NAME, DATE OF BIRTH, ADDRESS, NO HP, EMAIL, TYPE OF JOB, COMPANY NAME, etc. The samples the data provided are from DI Aceh province.

The question is why is Bjorka only appearing now when he is busy exposing corrupt officials?" tweeted Mario.

Bjorka kembali lagi! Kemaren tanggal 12/03/23 Bjorka mengklaim memiliki 5GB data @BPJSTKinfo. Ada 100k sampel data yang berisi NIK, NAMA LENGKAP, TGL LAHIR, ALAMAT, NO HP, EMAIL, JENIS PEKERJAAN, NAMA PERUSAHAAN, dll. Sampel data yang diberikan berasal dari provinsi DI Aceh.… https://t.co/2N78fiGwtn pic.twitter.com/OvRu7iBlWn

— Mario (@p4c3n0g3) March 13, 2023

Then, to check whether the mobile number that Bjorka got is valid, try searching for this information through the getcontact or truecaller applications. Then he matched the name, but he found some data was not the same.

"Because there was no comparative data, I tried to find information on the cellphone number in the sample data at getcontact/truecaller & matched the name, but some of the data were not the same," said Mario.

However, Mario emphasized that this was only based on his personal analysis, not representing all the contacts that Bjorka managed to break into.

"Even if the number changes, usually on GetContact there is still the name of the old owner. The numbers that are checked are not there. There are names in the sample data, the numbers are female names and vice versa. This is just a random check of several numbers. It does not represent all the data," Mario explained.

Karena tidak ada data pembanding, saya coba cari informasi nomor HP yang ada pada sampel data di getcontact/truecaller & mencocokan dengan namanya tapi ada beberapa data tidak sama.

Even pun nomernya ganti, biasanya di getcontact masih ada nama pemilik lama. Nomor2 yang dicek… https://t.co/Q4DzwMfdd1 pic.twitter.com/fJgIl1QUDg

— Mario (@p4c3n0g3) March 13, 2023

The day after Mario tweeted the results of his analysis, BPJS Ketenagakerjaan's Twitter responded, saying that they were currently conducting an investigation.

"Hi Friends. We are currently coordinating and investigating regarding the truth of information regarding data hacking, at the same time we are also increasing the security of information technology systems as a preventive measure. Thanks. -Iqbal," said Twitter @BPJSTKInfo.

Hai Sahabat. Kami sedang melakukan koordinasi dan investigasi terkait kebenaran informasi adanya peretasan data, bersamaan dengan itu kami juga melakukan peningkatan keamanan sistem teknologi informasi sebagai tindakan preventif. Tks. -Iqbal

— BPJS Ketenagakerjaan (@BPJSTKinfo) March 13, 2023

Previously it was reported that Bjorka last year shocked the public because he succeeded in breaking into data on Indonesian citizens obtained from PeduliLindungi (which is now SatuSehat), voters in the election, My Pertamina and even the correspondence of President Joko Widodo (Jokowi).