ShellCodeX Breach Report
Tokopedia Data Breach
tokopedia.com
Verified breach
Passwords exposed
Accounts exposed
71,443,698
Breach date
17 Apr 2020
Added to tracker
02 May 2020
Data classes
5
What happened
In April 2020, Indonesia's largest online store Tokopedia suffered a data breach. The incident resulted in 15M rows of data being posted to a popular hacking forum. An additional 76M rows were later provided to HIBP in July 2020. In total, the data included over 71M unique email addresses alongside names, genders, birth dates and passwords stored as SHA2-384 hashes.
Exposed data
Dates of birth
Email addresses
Genders
Names
Passwords
Recommended actions
- Change your Tokopedia password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Tokopedia — attackers weaponise breach data quickly.
- Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP