According to security researchers, a hacker is selling a database that contains the credentials of 91 million Tokopedia accounts on a dark web marketplace for approximately $5,000. Research claim that threat actors have begun to crack the passwords to the popular online store and share them online. Tokopedia is widely popular in Indonesia, ranking second in online stores, and boasts 4,700 employees and over 90 million active users.
Tokopedia was alerted of the breach after a cybersecurity intelligence firm Under the Breach discovered the dark web market listing. According to Under the Breach, the hacker was only offering information for 15 million users, however, the hacker claims that the listed data is a small portion of a 91 million user dump stolen from the company during a cyberattack in March 2020.
Read More: Hacker sells 91 million Tokopedia accounts, cracked passwords shared