Indonesian e-commerce unicorn Tokopedia allegedly uncovered an attempt to breach of its internal database, reports suggest a total of 91 million users could be affected. The company now claims of having begun an internal investigation on the matter of an attempted hack and data theft.
The probe comes as Data breach monitoring firm Under the Breach published a Twitter post, that had some screenshots of the stolen data available for sale. In addition Tokopedia profile-related info ( full name, phone number, account creation date, last login, password reset codes, hobbies, education, about-me fields etc) the file also contains vital user information such as emails, hashed passwords, date of births and location details.
The hacker had shared 15 million user records calling for action in “cracking” the user’s passwords which seemed to be a little more difficult. This as-yet unidentified party claims to have stolen just a small part of the company database and hacked the same in March this year. Later, Under The Breach reported that the hacked seems to have updated the post, offering database of 91 million Tokopedia users. The data has been reportedly put up for sale on the Empire darkweb Market for US$5,000.
The e-commerce marketplace backed by SoftBank Vision Fund and Alibaba Group Holding Lyd., that has over 4200 employees and accounts for over 90 million active users every month, released its statement late Saturday.
The company is investigating the security breach and advised users to reset their account passwords to a unique one for safety. It also underscored that crucial information such as passwords are secured while they’re also enhancing the security systems alongside. However, even with repeated reassurances the possible threat of phishing attacks and other cyber crimes persist for company’s users, that cannot be easily put to rest.