Gadgetren – Alleged leak of Tokopedia account user data is now being investigated deeply by internal parties together with the Ministry of Communication and Information Republic of Indonesia. This news itself previously came from the Twitter account @underthebreach on May 2, 2020.
These accounts often upload information about data leakage cases spread across cyberspace. In his tweet, he share information that there are around 15 million user data Tokopedia accounts are distributed on dark or Dark Web sites where the data was obtained around March 2020.
Furthermore, @underthebreach then updated the information that the leaked Tokopedia user account numbered 91 million and more than 7 million merchant data was sold on the black site at a price of 5,000 USD or Rp 74 million and now the value has increased again to 7,000 USD or worth Rp 106 million.
Then what Tokopedia user data is leaking? The @underthebreach account in his post provided an image that revealed some user information in a database file.
The data is in the form of a PostgreSQL database dump containing user information such as full name, email, telephone number, hash password, date of birth, and details related to the Tokopedia profile including account creation date, last login, email activation code, password reset code, details location, messenger numbers, hobbies, education, about-me, and more.
This PostgreSQL database also allegedly did not have a specific code known as salt. Which with the algorithm, the user's hash password cannot be hacked easily, so hackers need more time to read the user's password.
The hash password is currently still considered safe, but it is still not perfect, so Tokopedia and the government have advised all users to change the password as soon as possible for the sake of security of their data.