Hacker sells 91 million Tokopedia accounts, cracked and shared passwords.

Hacker sells 91 million Tokopedia accounts, cracked and shared passwords.

 

Hacker sells 91 million Tokopedia accounts, cracked and shared passwords.

A hacker is promoting a database containing the data of 91 million Tokopedia accounts on a darkish internet marketplace for as little as $5,000. Different risk actors have already began to crack passwords and share them on-line.

Tokopedia is Indonesia’s largest on-line retailer, with 4,700 workers and over 90 million energetic customers.

This weekend, information breach monitoring and cybersecurity intelligence agency Underneath the Breach found {that a} hacker was providing the account info for 15 million Tokopedia customers on a web based hacker discussion board.

To entry this information, discussion board customers would wish to spend eight web site ‘credit’, which prices roughly €2.13.

The hacker claims that this information was a small subset of a extra substantial 91 million person dump stolen from Tokopedia throughout a March 2020 hack.

Quickly after the smaller subset was launched on the hacker discussion board, the identical hacker started promoting the complete 91 million person database on a web based prison market for as little $5,000. On the time of this writing, the database has been offered two occasions.

Hacker sells 91 million Tokopedia accounts, cracked and shared passwords.91 million Tokopedia customers being offered on-line

From a pattern of the leaked information shared with BleepingComputer by Underneath the Breach, the dump was for a PostgreSQL database that incorporates many fields for private person information, however solely a small subset truly include info.

Probably the most critical of the uncovered information consists of a person’s e mail tackle, full identify, beginning date, and hashed person passwords. Among the uncovered accounts even have their cell system’s Cell Station Worldwide Subscriber Listing Quantity (MSISDN) listed.

Hacker sells 91 million Tokopedia accounts, cracked and shared passwords.Picture of redacted PostgreSQL database

Whereas Tokopedia has not made an official announcement about this breach, Tokopedia has advised Underneath the Breach that they’re investigating the scenario.

Reuters was additionally advised by the net retailer that they detected an try and steal information from the corporate.

“We discovered that there had been an try and steal information from Tokopedia customers,” a spokesman advised Reuters.

BleepingComputer has contacted Tokopedia however has not acquired a response as of but.

Hackers begin to supply dehashed passwords

Underneath the Breach has advised BleepingComputer that risk actors have already began to share over 200,000 person names and their related dehashed, or cracked, passwords on hacking boards.

These dehashed accounts are being shared free of charge to make use of who merely reply to the discussion board subject or who’ve upgraded accounts on the discussion board.

Cybersecurity intelligence agency Cyble has additionally advised BleepingCompter that they’re conscious of risk actors who declare to be promoting an inventory of thousands and thousands of Tokopedia usernames and their related dehashed, or cracked, passwords for simply $8,000.

Cyble believes the database has been privately circulating since April, and now that it’s publicly leaked, the risk actor determined to promote their dehashed account checklist earlier than others launch it.

BleepingComputer has not been in a position to independently affirm if these are professional dehashed accounts or if the risk actor is attempting to drag a cash seize rip-off.

Cyble has said that they acquired the Tokopedia database and customers can test if their account has been uncovered by way of Cyble’s information breach monitoring platform amibreached.com.

All Tokopedia customers ought to make the idea that if their passwords isn’t dehashed already, it could be sooner or later, and may instantly change their password to a novel one solely used at that web site.

For another web site that the identical password was used, it needs to be modified to a novel one there as nicely.

Lastly, all customers who have been uncovered by this information breach needs to be looking out for focused phishing assaults that make the most of the data from this information dump.

hacker leaks 15 million records from tokopedia,tokopedia hack,hacker group floods dark web with data stolen from 11 companies,bukalapak leaked data,tokopedia leak,how do i know if my password was stolen,unacademy data breach,tokopedia data hack

More Stories
If you’re relying on older Xilinx FPGAs to keep your product’s hardware code encrypted and secret, here’s some bad news.