The threat actor also vows to leak 200 million Indonesian citizenship data soon.
Last month Hackread.com exclusively reported how the Indonesian e-commerce giant Tokopedia was hacked by dark web hackers and personal details of 92 million of its customers were being traded and sold on dark web marketplaces and several hacker forums.
Now, a threat actor has leaked a trove of personal and electoral data claiming it belongs to 2.3 million Indonesian citizens. According to the sample data seen by Hackread.com, the data appears to date back to 2013 and seems to be stolen from the official website of The General Elections Commission or Komisi Pemilihan Umum (KPU) in Indonesian.
The 2.36 GB of data has been divided into several folders all containing the data in PDF files including full names, addresses, registration numbers, family card numbers, date of birth and place of birth, etc.
Screenshot of the listing (Source: Under The Breach)
What’s worse for Indonesian citizens is that the threat actor is claiming to have access over 200 million Indonesian citizenship data which they plan to leak on the hacker forum where the electoral data is currently being traded.
While sharing the reason for leaking the citizenship data, the hacker stated that,
I decided to share with you about 2.3 million Indonesia citizenship and election data cause I think Indonesian data seems rare in this forum (referring to the hacker forum where the data has been leaked).
Commenting on the leak, one of the representatives from breach monitoring service Under The Breach who alerted Hackread.com of the breach said that,
“The actor who leaked the database isn’t necessarily the person who first obtained it, it would make sense for a niche database of that sort to be circling around smaller Indonesian based forums until it surfaces on a larger cybercrime forum.”
It is worth noting that a couple of weeks ago, another hacker was found selling almost 13 million user accounts belonging to Bukalapak, one of the largest e-commerce companies in Indonesia. The database was from 2017 and apparently, Bukalapak acknowledged the hack on 12 April 2019.
Someone is selling almost 13 million user accounts belonging to #Bukalapak, one of the largest e-commerce companies in #Indonesia. The database is from 2017 and apparently, Bukalapak acknowledged the hack on 12 April 2019. To be on the safe side change your passwords. pic.twitter.com/AI5Ryjkomi
— HackRead.com (@HackRead) May 6, 2020
Nevertheless, one after another data breach should come as a massive blow to Indonesians especially authorities responsible to protect such sensitive data.