Indonesia's Tokopedia probes alleged data leak of 91 million users

Founder and CEO of Indonesian e-commerce firm Tokopedia, William Tanuwijaya

SINGAPORE (Reuters) - Tokopedia, Indonesia’s largest e-commerce platform, said it was investigating an attempted hack and claims that the details of millions of its users had been leaked online.

“We found that there had been an attempt to steal data from Tokopedia users,” a spokesman for the company said in a statement late Saturday.

“However, Tokopedia ensures that crucial information such as passwords remains successfully protected behind encryption.”

“At this moment, we continue to investigate further into this matter and there is no additional information that we can share,” the statement added.

Data breach monitoring firm Under the Breach published a Twitter post on Saturday showing screenshots from an unnamed individual who claimed he had acquired the personal details of 15 million Tokopedia users during a March 2020 hack on the e-commerce site.

According to the screenshots, which show names, emails and birthdays, the hacker alleges he or she is in possession of a much bigger user database and asks for assistance to “crack” users’ passwords.

Under the Breach, which monitors cyber crime, said on Sunday the hacker had updated the post to offer the details of 91 million users for “$5,000 on the Darknet”. The firm shared a screenshot of the hacker’s proposed offer posted online.

Backed by $2 billion in funding from investors including SoftBank Group Corp’s Vision Fund and Alibaba, Tokopedia, whose founder and CEO William Tanuwijaya is one of the country’s most prominent tech entrepreneurs, claims more than 90 million monthly active users.

Tokopedia did not immediately respond to requests for comment on the hacker’s new claims. A spokesman for the firm declined to comment on Saturday on the original screenshots.