Gadgetren – The Ministry of Communication and Information has requested the management of the Tokopedia digital platform to conduct an internal investigation. This is intended to ensure the alleged leak of data that occurs on the marketplace platform.
Previously, Tokopedia has justified the attempt to break into user data. The response was given following the issue of breaking into 15 million users of Tokopedia data on Sunday (03/05/2020).
Johnny G. Plate as Minister of the Ministry of Communication and Information said that his party had corresponded and coordinated with Tokopedia. “The Kominfo technical team has conducted technical coordination to follow up on the issue of breaking into user data,” he said on the Ministry of Communication and Information site (05/03/2020).
In this case the Ministry of Communication and Information has asked Tokopedia to do three things to ensure the safety of user data. The first thing Tokopedia has to do is to immediately secure the system to prevent the spread of data leaks.
Second, notify the account owner that the possibility of personal data exposed. And third, conduct an internal investigation to ascertain a suspected leak of data and if it has occurred, find out the cause.
The Ministry of Communication and Information has also requested a report regarding the alleged leak of data to the account owner, the security measures taken by the system, and the potential impact on the data owner. “We are still waiting for the report to be completed,” he said.
Tokopedia itself reportedly has said that their security system uses passwords that are stored in the form of hashes. In addition, Tokopedia has also used the OTP feature as two factors authentication so that users are always asked to enter new code in real-time every time they log in.
The Ministry of Communication and Information also urged people to maintain the security of their accounts by routinely changing passwords and not easily trusting other parties asking for passwords or OTP codes.
“Passwords and OTPs are only needed by the system. So if there is a password or OTP request from an individual, it is certain that it is a fraud, “he explained.
Further related to this issue, the Ministry of Communication and Information has asked the Director General of Aptika to summon the Directors of Tokopedia to provide an explanation regarding this matter. Tokopedia user account data leaks are being handled using the Information and Electronic Transaction Law (ITE) and Government Regulation Number 71 Year 2019.
Tokopedia as the Electronic System Provider (PSE) has the obligation to meet the Personal Data Protection Standards contained in Government Regulation Number 71 Year 2019 concerning Organizing Electronic Systems and Transactions, and Regulation of the Minister of Communication and Information Technology Number 20 Year 2016 concerning Protection of Personal Data in Electronic Systems.