13 Million Bukalapak User Data Reportedly Leaking

After Tokopedia, now it’s the turn of user data that is claimed to have leaked from the Bukalapak platform to be sold on the dark web, Raid Forums. There are at least four hackers (hackers) who have sold data on one of the country’s unicorns since the beginning of this year.

Hackers with jffyh usernames claim to have a database (database) including passwords from several platforms, including Bukalapak. This data was sold on 3 March. Then, the hacker with the name Asian Boy said he had almost 13 million data on Bukalapak users. “I sell the Bukalapak database, 12,960,526 users,” he said through Raid Forums, today (6/5).

Another hacker, Startexmislead also claimed to have data on nearly 13 million Bukalapak user accounts. “Contact me at the PM, will not accept offers outside the platform (PM),” he said.

In fact, he gives examples of the data he sells. Some of them show the names of Bukalapak officials such as founder Achmad Zaky, Nugroho Herucahyono, and Fajrin Rasyid. Zaky and Nugroho are no longer in Bukalapak, but had served as CEO and CTO. While Fajrin is the President of Bukalapak.

Hackers by the name TWV35 also offer 13 million records from the leaked Bukalapak platform. “As many as 13 million records were leaked from them, 500 thousand are being distributed,” he said.

The Company Claimed the Leaked Data Is Old Data

Previously, citizens also highlighted the security of the Bukalapak platform when checking their accounts on the hacking check site. In fact, at that time they were looking for a hacked Tokopedia account or not. From there, they just learned that the Bukalapak account was broken into in 2018 or 2019.

In response, Bukalapak said that the threat of hacking by irresponsible parties to the digital technology industry was always there. Even so, the Head of Corporate Communications, Intan Wibisono emphasized that his company always implements various efforts to improve the safety and comfort of users.

Bukalapak also ensures that user data is not misused. “We apply a multiple system protections when receiving, storing, using, and processing all user data,” Intan told Katadata.co.id, Monday (4/5).

Responding to the news, the company stated that no new data had been compromised. The data is old data. “That is not true. The circulated link is information from last year’s incident, “said Head of Corporate Communication Bukalapak Intan Wibisono, Wednesday (6/5).

CEO Bukalapak Rachmat Kaimuddin also said that the company tightened consumer data protection. Mainly, after a hacking attempt last year, which stole the old data set until 2017.

Bukalapak Make Sure Its User Data Is Safe

Intan also ensures that the consumer data is safe. “User data security is our priority so that from time to time, we always implement various efforts to improve the security and comfort of users,” he said in his official statement, to Katadata.co.id, Wednesday (6/5).

When receiving user data, companies use the https method so that it is not easily hacked. Then, when storing user data, the company applies the latest protection method with multiple layers of protection.

Then, when using and processing user data, the company monitors closely, so that the traces of people who access, read, replace, or delete recorded data.

“For sensitive data such as ID cards, we store them in special storage for a certain period of time and can be automatically erased to protect the privacy of our users,” Intan said.

Intan ensures that the company always guides all users to take preventative measures, in accordance with the company Privacy Policy. Bukalapak also implements five preventative measures for users.

Among them changing account passwords periodically, activating two-step verification (two-factor authentication), being more careful about phishing, updating personal data regularly, and securing financial data.