Tokopedia admits there are efforts to steal user data

Jakarta, CNN Indonesia – Tokopedia He admitted that there was an attempt to steal user data, which was relayed by Nuraini Razak, Tokopedia’s vice president of corporate communications, in connection with the issue of the leakage of 15 million Tokopedia user accounts.

“Regarding the issues in circulation, we found an effort to steal data from Tokopedia users, but Tokopedia ensured that important user information, such as passwords, remained successfully protected,” the official wrote in a statement. Saturday (2/4).

“Currently, we are continuing to investigate and there is no further information that we can transmit,” he continued.

However, he suggested that Tokopedia users continue to change their account passwords regularly for security and convenience.

Previously, the @underthebreach account claiming to be an Israeli data leakage surveillance and prevention service leaked screenshots of the leaked Tokopedia data via Twitter.

User data was filtered in the form of emails, keyword hashes, names, etc. This is tweeted by an account that claims to be a surveillance service and prevention of data leakage from Israel.

In the screenshots shared on social networks it is said that the hacker has yet to solve the algorithm to open the hash of Password Those users. The hacker also asked other hackers for help to unlock the algorithm.

The following screenshot, this information leak account includes a part of the user accounts that can be opened through the site. The user’s name, email and phone number appear on the site.

According to Nuraini, despite an attempted theft, important user information, such as passwords, was still successfully protected because it was encrypted.

Tokopedia calls the user’s password and crucial information to stay protected behind encryption. In addition to that, Tokopedia also applies multiple layers of security to protect user accounts.

One of them uses OTP (one-time password) sent by SMS and only the account owner can access it in real time. For this reason, you expect users not to give OTP codes to anyone and for no reason.

Previously, Pakistani hacker Gnosticplayers claimed to have hacked dozens of popular websites, including one Bukalapak.

Gnostic players revealed that there are 13 million Bukalapak accounts that have been hacked and sold on Dream Market, a buy and sell site on the dark web. Bukalapak also admitted that there was a hacking attempt on his site. (former)