ShellCodeX Breach Report
Bukalapak Data Breach
bukalapak.com
Verified breach
Passwords exposed
Accounts exposed
13,369,666
Breach date
23 Oct 2017
Added to tracker
18 Apr 2019
Data classes
5
What happened
In March 2019, the Indonesian e-commerce website Bukalapak discovered a data breach of the organisation's backups dating back to October 2017. The incident exposed approximately 13 million unique email addresses alongside IP addresses, names and passwords stored as bcrypt and salted SHA-512 hashes.
Exposed data
Email addresses
IP addresses
Names
Passwords
Usernames
Recommended actions
- Change your Bukalapak password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Bukalapak โ attackers weaponise breach data quickly.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP