Reuters reports:
Tokopedia, Indonesia’s largest e-commerce platform, said it was investigating an attempted hack and claims that the details of millions of its users had been leaked online.
“We found that there had been an attempt to steal data from Tokopedia users,” a spokesman for the company said in a statement late Saturday.
Read more on Hindustan Times.
In related coverage, Catalin Cimpanu reports on ZDNet that someone has leaked about 15 million records from Tokopedia, seeking help with cracking the passwords. That dump has now appeared on at least one other site as well, and inspection of it suggests that claiming there was an “attempt” to steal data is a bit of an understatement as it appears data was stolen. As Cimpanu describes it:
The file was a PostgreSQL database dump, containing user information such as full names, emails, phone numbers, hashed passwords, dates of birth, and Tokopedia profile-related details (account creation date, last login, email activation codes, password reset codes, location details, messenger IDs, hobbies, education, about-me fields, and lots more).