Tokopedia hacked – Login details of 91 million users sold on dark web

Another day, another data breach – This time hackers have targeted Tokopedia and stole login data of 91 million user accounts.
Tokopedia hacked - Login credentials of 91 million users sold online

The Indonesian e-commerce giant has over 90 million users.

Another day, another data breach – This time hackers have targeted Tokopedia and as a result, personal and login credentials of 91 million users are being sold on a dark web marketplace for $5000.

Tokopedia is an Indonesian technology company specializing in e-commerce. Founded in 2006; the company has become a giant with more than 91 million registered users/customers and over 7 million merchants.

Bonus: Best legal & free online streaming sites for movies & TV shows 2020 (no signup or payment card required)

However, the bad news for Tokopedia users is that apparently, the company has suffered a massive breach and personal data of users is at risk. This data includes:

Gender
Location
Username
Full name
Email address
Phone numbers
Hashed password

Although yet unconfirmed; it seems like the database does not contain payment card data of users or merchants.

Tokopedia hacked - Login credentials of 91 million users sold online
Screenshot from the dark web marketplace where Tokopedia’s data is being sold (Image credit: Hackread.com)

The data breach monitoring firm Under the Breach who is familiar with the incident has confirmed to Hackread.com that the database being traded online contains authentic data belonging to Tokopedia and includes data till March 2020. We have also seen the sample data and can confirm that Tokopedia has indeed suffered a breach.

Preview of sample data is available below:

Tokopedia hacked - Login credentials of 91 million users sold online
Sample data

Hackread.com has also sent emails to some of the victims who have confirmed that they are registered users on Tokopedia for several years. 

The aftermath of this breach will be long-lasting especially on customers and merchants who will now suffer series of email scams as previously seem where cybercriminals used the victim’s real password from data breaches to carry out extortion and identity theft-related scams.

See: Exercise tech firm Kinomap leaks 40GB database with 42M records

Nevertheless, if you have an account with Tokopedia, Hackread.com advises you to change it immediately. Moreover, also change the password for your login email and keep an eye on any malicious activity on your account.

Update: 03 May 2020, 20:06 (GMT)

Hackread.com can now confirm that the hacker has sold Topopedia’s database to at least 2 buyers. One of the buyers has also left positive feedback verifying that the data is authentic. Here is an exclusive screenshot showing sale and feedback:

Tokopedia hacked - Login credentials of 91 million users sold online
Image (Hackread.com)

However, we have also learned that the same hacker has now uploaded 4 new databases offering millions of login credentials. These databases include:

Unacademy

An e-learning platform based in India that claims to be the country’s “largest learning platform.” Currently, the hacker is selling login credentials of 20 million Unacademy users for $2,000.

Chatbook

Chatbooks is a mobile app that creates photo books using your digital photos. Currently, the hacker is claiming selling login credentials of 15 million users for $2,000.

The Daily Chronicle

The same hacker is also claiming to sell 3 million accounts from The Daily Chronicle, an online news website covering local news in DeKalb County, Illinois. It is quite possible that the hacker breached the site and stole details of its subscribers. Currently, the data is being sold for $1,500.

Knock CRM

Knock is a Seattle based lead management and communication platform and apparently it has suffered a data breach as well. Currently, the hacker is claiming selling login credentials of 15 million users for $1,200.

Tokopedia hacked - Login details of 91 million users sold on dark web
Image: Hackread.com

We have sent emails to all the above-mentioned companies for their response. Stay tuned.

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.

Total
0
Shares
1 comment
  1. What’s Happening i’m new to this, I stumbled upon this I have found It absolutely helpful and it has helped me out loads. I hope to contribute & help different customers like its helped me. Good job.

Comments are closed.

Related Posts