Privacy Ninja




Tokopedia Indonesia Hacked! 15 million records leaked from Indonesia’s largest online store


Hacker leaks 15 million records from Tokopedia, Indonesia's largest online store
The Tokopedia data has been published on a well-known hacking forum

Privacy Ninja would like to ask everyone who uses the same password across multiple accounts to change their passwords on all accounts!

On Friday, a hacker leaked the details of 15 million users registered on Tokopedia, Indonesia’s largest online store.

The hacker claims the data was obtained in an intrusion that took place in March 2020 and is just a small part of the site’s entire user database that was obtained in the hack.

The leaker said he was sharing the 15-million-user sample in the hopes someone could help crack the user passwords, so they could be used to access user accounts.

ZDNet has obtained a copy of the leaked file with the help of data breach monitoring service Under the Breach.

The file was a PostgreSQL database dump, containing user information such as full names, emails, phone numbers, hashed passwords, dates of birth, and Tokopedia profile-related details (account creation date, last login, email activation codes, password reset codes, location details, messenger IDs, hobbies, education, about-me fields, and lots more).


ZDNet has verified the authenticity of the leaked data against the official Tokopedia website.

An email to Tokopedia requesting comment returned an error message, but the company has told Under the Breach in a private online conversation that it is investigating the incident.

For the time being, Tokopedia users are advised to reset their account passwords.

The hashed passwords that the hacker wasn’t able to crack were secured with the SHA2-384 hashing algorithm, currently considered to be secure, although not infallible.

The hacker also said the database didn’t contain the “salt” random strings used to improve the security of the SHA2-384 hashing function. Without the salt strings, cracking the passwords would be a more time-consuming task, giving users enough time to change passwords in the coming days.
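Added example (not from the original article, ZDNet or Tokopedia): what a per-user salt changes in a SHA2-384 password record, with the same record built using PBKDF2-HMAC-SHA384 for comparison, since a single SHA-384 pass is fast to compute and password-storage guidance favours a deliberately slow derivation. The salt-then-password concatenation, the 16-byte salt, the iteration count and the sample password are assumptions; the article does not describe Tokopedia's actual construction.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 16          # assumed salt length, not from the article
PBKDF2_ROUNDS = 210_000  # assumed work factor, for illustration only


def unsalted_sha384(password: str) -> str:
    """Bare SHA2-384: identical passwords always give identical digests."""
    return hashlib.sha384(password.encode("utf-8")).hexdigest()


def salted_sha384(password: str, salt: bytes) -> str:
    """SHA2-384 over salt || password (assumed construction)."""
    return hashlib.sha384(salt + password.encode("utf-8")).hexdigest()


def stretched_sha384(password: str, salt: bytes) -> str:
    """PBKDF2-HMAC-SHA384: same salt idea plus a deliberate per-guess cost."""
    raw = hashlib.pbkdf2_hmac("sha384", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return raw.hex()


def verify(password: str, salt: bytes, stored: str, scheme=salted_sha384) -> bool:
    """Recompute with the user's own salt and compare in constant time."""
    return hmac.compare_digest(scheme(password, salt), stored)


def demo() -> dict:
    # Constructed sample: two users who happen to choose the same password.
    password = "correct horse battery staple"
    salt_a = secrets.token_bytes(SALT_BYTES)
    salt_b = secrets.token_bytes(SALT_BYTES)
    rec_a, rec_b = salted_sha384(password, salt_a), salted_sha384(password, salt_b)
    stretched = stretched_sha384(password, salt_a)
    return {
        "unsalted_digests_match": unsalted_sha384(password) == unsalted_sha384(password),
        "salted_digests_match": rec_a == rec_b,
        "right_salt_verifies": verify(password, salt_a, rec_a),
        "wrong_salt_verifies": verify(password, salt_b, rec_a),
        "stretched_verifies": verify(password, salt_a, stretched, stretched_sha384),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In this model, a dump that holds the digest but not the salt corresponds to having `stored` without the `salt` argument that `verify` needs.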

Tokopedia has raised a total of $2.4 billion in funding over nine rounds, and is currently one of Indonesia’s biggest tech unicorns.

The website is similar to Amazon, allowing users to buy products from the site or set up stores and sell products themselves. The site is currently ranked in the Alexa Top 200 most popular sites on the internet, and it claims to have more than 90 million monthly active users and more than 7 million registered merchants.

Updated on Sunday, May 3, to add that the hacker is now selling Tokopedia’s entire user database on the Empire dark web marketplace. The hacker claims they’re in possession of 91 million user accounts.


