Tokopedia says personal info secured despite data breach attempt


Indonesian eCommerce platform Tokopedia has confirmed there is an ongoing investigation on an attempted data breach. The company said while the attempt was to steal data from Tokopedia users, crucial information such as passwords, remain successfully protected behind encryption. Tokopedia also ensured there was no breach of payment data. In a statement to Marketing Interactive, Nuraini Razak, VP of corporate communications Tokopedia said all transactions with payment methods at Tokopedia, including debit cards, credit cards, and OVO, remain secure.

“Nonetheless, we encourage all Tokopedia users to regularly change their account passwords for the sake of security and convenience. Tokopedia implements multiple layers of security, including OTP which can only be accessed in real-time by the account owner. We also would like to consistently remind all users not to provide OTP codes to anyone regardless of any reason,” Razak explained. According to Razak, Tokopedia is a business of trust and the company strives to maintain the confidentiality of the users’ data, she said, adding:

Security in user data is Tokopedia's utmost priority.

This comes following a Twitter post by data breach monitoring firm Under the Breach, which included screenshots from a hacker who claimed to have obtained access to 15 million Tokopedia users' details. According to the tweet by Under the Breach, the hack occurred in March 2020 and affects 15 million users as the database contains emails, password hashes and names. 

In a follow up tweet, Under the Breach said the hacker offered 91 million users' details for US$5,000 on the Darknet. The screenshot below was captured by Under the Breach. Tokopedia has declined to comment on the hacker's claims, but emphasised that its payments methods remain secure. 

 tokopedia breach

Marketing Interactive's Content 360 conference is going virtual, and will bring together industry leaders to discuss challenges and share insights on future content marketing trends, as well as successful strategies to help tackle the complex marketing landscape. Sign up here!

Recently, Tokopedia has been clamping down on merchants profiteering on its platform. The eCommerce company has since shut down about thousands of online merchants on its platform for selling personal protective equipment at exorbitant rates amid the COVID-19 pandemic. According to an article on Jakarta Globe, the eCommerce giant said it has also banned the display of over 10,000 products that breach Tokopedia's terms and policies.  

Since the spread of COVID-19 in Indonesia, Tokopedia has seen an increase in purchases related to health products and basic supplies. These include masks, antiseptic items and hand sanitisers as well as healthy food, Jakarta Globe reported.. The eCommerce giant also said in the article that it has been supporting the Indonesian government by offering free shipping for products in the health and basic essentials categories. In addition, Tokopedia staff have also been asked to work from home as the cases in Indonesia grow. There were over a 1,000 reported COVID-19 cases in Indonesia at the time of writing, according to the World Health Organisation.

Related articles:
Tokopedia clarifies claims of BTS ad allegedly promoting LGBT nuances