ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Bukalapak Data Breach

bukalapak.com
Major exposure
Verified breach Passwords exposed
Accounts exposed 13,369,666
Breach date 23 Oct 2017
Added to tracker 18 Apr 2019
Data classes 5

What happened

In March 2019, the Indonesian e-commerce website Bukalapak discovered a data breach of the organisation's backups dating back to October 2017. The incident exposed approximately 13 million unique email addresses alongside IP addresses, names and passwords stored as bcrypt and salted SHA-512 hashes.

Exposed data

Email addresses IP addresses Names Passwords Usernames

Recommended actions

  • Change your Bukalapak password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Bukalapak โ€” attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP