Tokopedia headquarters in Jakarta. (Photo courtesy of Tokopedia)

Tokopedia Investigates Data Breach Compromising 15m User Accounts


MAY 03, 2020

Jakarta. Tokopedia, one of the largest e-commerce companies in Indonesia, is investigating a rumored breach to more than 15 million of its customer accounts, a company representative said in a statement on Saturday. 

"We found attempts to steal data from Tokopedia users, but Tokopedia ensured that important user information, such as passwords, remain protected," Nuraini Razak, Tokopedia's vice president of corporate communication, said in the statement. 

"At present, we continue to investigate, and there is no further information we can convey," she said.

"We always try to maintain the confidentiality of user data because Tokopedia's business is a business of trust. User data security is Tokopedia's top priority," Nuraini said. 


A hacker leaked 15 million Tokopedia user accounts following an exploit in March, according to a report from ZDNet, an American technology news website.

The data contain emails, hashed passwords, and user names but did not contain a critical feature that would allow the hacker to crack the hashed password immediately, the report said.

That should give time to compromised Tokopedia users to change their password. Tokopedia's Nuraini also encouraged users to take the necessary precaution. 

"Although the user's passwords and other crucial information are still protected behind encryption, we encourage Tokopedia users to keep changing their account passwords regularly for security and convenience," Nuraini said.

Since its inception in 2009, Tokopedia has raised a total of $2.9 billion in funding with backers to include Chinese e-commerce giant Alibaba and Japan's multinational holding company Softbank. 

Tokopedia has more than 7 million merchants on its platform, serving more than 90 million visitors every month, according to the company's recent statement.