Jakarta, TheIndonesiaPost – Tokopedia’s online shopping site has just been hacked. A total of 91 million user data and more than seven million Tokopeda merchant data are reportedly sold on the dark web.
This information was first detected by the @underthebreach account. In his latest tweet, the user and merchant data are sold at 5,000 US dollars, or around Rp. 74 million on a black site.
From the Hackread site report, user data sold include gender, location, username, user’s full name, e-mail address, cellphone number, and password. Data sold on illegal sites were collected by hackers until March 2020.
However, user and merchant payment card data may not be collected.
This event is feared to be detrimental to Tokopedia users and merchants because they have the potential to receive fraudulent attacks via e-mail obtained from the black market.
Cybercriminals can use victims’ e-mails and passwords to commit extortion and fraud related to identity theft.
“Regarding the issues that are circulating, we found an effort to steal data from Tokopedia users,” said Tokopedia VP of Corporate Communications, Nuraini Razak Quoted from KompasTekno.
Despite confirming theft, Tokopedia claims that user information is safe and secure.
Nuraini said that the user’s password was protected and encrypted.
Tokopedia also applies an OTP (one-time-password) code system that can only be accessed in real-time by the account owner.
Check if your toped account has leaked here …
The news of the leak of data on Tokedia users surprised many people. Now to check whether your account has been leaked or not? Try to check the Have I Been Pwned site.
This site can identify whether e-mail addresses used for online service accounts have been exposed to data leakage incidents or not.
Based on the observation of KompasTekno, Sunday (05/03/2020), the Have I Been Pwned site has included information on the Tokopedia data leakage case, with the estimated number of affected e-mail addresses reaching 12 million.
E-commerce users can see whether their e-mail account is leaked or not. How to check it is quite easy. After the site opens, enter the e-mail address used to register an online account. Then click the “pwned” button on the right-hand side.
The site will then browse the database and will inform if the e-mail address has been entered in case of data leakage. The Have I Been Pwned page will also provide account information on which platforms are affected.
If affected, you should immediately change your password and activate the two-step verification system to increase account protection. Also, change other online service passwords that use similar keywords. (ojan/bbs)
Comment