“We found that there had been an attempt to steal data from Tokopedia users,” a spokesman for the company said in a statement late Saturday.
“However, Tokopedia ensures that crucial information such as passwords remains successfully protected behind encryption.”
“At this moment, we continue to investigate further into this matter and there is no additional information that we can share,” the statement added.
Data breach monitoring firm Under the Breach published a Twitter post on Saturday showing screenshots from an unnamed individual who claimed he had acquired the personal details of 15 million Tokopedia users during a March 2020 hack on the e-commerce site.
According to the screenshots, which show names, emails and birthdays, the hacker alleges he or she is in possession of a much bigger user database and asks for assistance to “crack” users’ passwords.
Under the Breach, which monitors cyber crime, said on Sunday the hacker had updated the post to offer the details of 91 million users for “$5,000 on the Darknet”. The firm shared a screenshot of the hacker’s proposed offer posted online.
Backed by $2 billion in funding from investors including SoftBank Group Corp’s Vision Fund and Alibaba, Tokopedia, whose founder and CEO William Tanuwijaya is one of the country’s most prominent tech entrepreneurs, claims more than 90 million monthly active users.
A Tokopedia spokesman declined to comment directly on the hacker’s claims, but told Reuters on Sunday that “all transactions with all payments methods at Tokopedia … remain secure.”
(Reporting by Fanny Potkin; Editing by Michael Perry and Himani Sarkar)