A Bunch Of Details
As ZDNet reported, an unknown hacker has posted a part of the huge database he stole from Tokopedia in March this year. The records consist of the user’s full name, email address, hashed password, phone number, and date of birth. Further, there’s also a bunch related to Tokopedia like account creation date, last login, password reset codes, location details, email activation codes, messenger IDs, about-me fields, education, etc. The database is a PostgreSQL dump, and the passwords are hashed with SHA2-384 algorithm, which is harder, but still possible to crack. Hacker has posted a part of this dump, asking others to try cracking password hash and access the account. Being tough, it gives users a significant amount of time to react to the issue, by changing their passwords to be safe. An email request by ZDNet wasn’t answered yet, but Tokopedia says it’s investigating the matter to a breach monitoring firm, Under the Breach.
