ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Tokopedia Data Breach

tokopedia.com
Major exposure
Verified breach Passwords exposed
Accounts exposed 71,443,698
Breach date 17 Apr 2020
Added to tracker 02 May 2020
Data classes 5

What happened

In April 2020, Indonesia's largest online store Tokopedia suffered a data breach. The incident resulted in 15M rows of data being posted to a popular hacking forum. An additional 76M rows were later provided to HIBP in July 2020. In total, the data included over 71M unique email addresses alongside names, genders, birth dates and passwords stored as SHA2-384 hashes.

Exposed data

Dates of birth Email addresses Genders Names Passwords

Recommended actions

  • Change your Tokopedia password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Tokopedia — attackers weaponise breach data quickly.
  • Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP