5 Cases of Alleged Data Leakage August 2022, From IndiHome to Gojek
9/03/2022
 |
| 5 Kasus Dugaan Kebocoran Data Agustus 2022, Ada IndiHome hingga Gojek |
Risdosagalavsjilong summarizes 5 cases of alleged data leaks throughout August 2022 involving a number of well-known companies such as IndiHome, Gojek, to PLN.
Cases of alleged data leaks have recently been reoccurring in Indonesia. In August 2022 alone, 5 cases have appeared in the news.
Throughout August 2022 alone, there have been several cases of alleged data leaks involving tens of millions of people's personal data. The data is distributed and even traded on hacker sites.
Based on Risdosagala , there were at least five cases of alleged data leaks that occurred during August 2022.
5 Cases of Alleged Data Leakage August 2022
1. Data of 21,000 Indonesian Companies
Some time ago it was reported that as many as 347 GB of important documents belonging to 21,000 Indonesian companies and foreign companies with branches in Indonesia were spread freely on the dark web.
The party who uploaded the data claims that the 347 GB of data contains identity cards (KTP) and taxpayer identification numbers (NPWP) of directors and commissioners, company NPWP, and shareholder family cards (KK).
In addition, there are also several passports of company management, company establishment deed and company change deed, taxable entrepreneur confirmation letter, company registration, business license.
In fact, the data also contains financial statements, profit and loss statements, transfer notes, checking accounts, annual notification letters (SPT), domicile certificates, bank reconciliations, and more.
2. PLN data
Last week, social media users, especially Twitter, were shocked by the alleged data leak of 17 million PLN customers. The data is sold on the breached.to site.
Based on the screenshots shared on the site, an account named "loliyta" appears, which claims to sell PLN user data including field ID, customer ID, customer name, energy type, KWH, home address, meter number, meter type, to the name of the UPI unit. .
In response, PLN spokesman Gregorius Adi Trianto said the data managed by PLN was in a safe condition. The circulating data is replication data, not actual transactional data and is no longer updated.
3. Data IndiHome Telkom
After the news of the alleged leak of PLN customer data, the public was again enlivened by the news that 26 million browsing history data or browsing of IndiHome users belonged to PT Telkom Indonesia Tbk. (TLKM) leaked and spread on hacker forums.
The data was uploaded by an account called Bjorka on the breached.to site. He claimed that there were 26,730,798 records of IndiHome customer data including date, keyword, domain, platform, browser, url or link, google keyword, IP (internet protocol), screen resolution, geographic location, to user info such as email, name, gender, national id card number or NIK.
VP Network/IT Stra, Tech and Architecture Telkom Rizal Akbar has moved quickly to investigate after receiving reports of alleged data leaks by collecting all recorded data uploaded on the site. As a result, the data is the result of engineering.
From the investigation conducted by Telkom, it was found that the number of uploaded recordings was 26,730,797 with the composition of browsing history data and personal data. The data is data for the period August 2018 to November 2019. The IndiHome ID number there is also not from the company numbering system.
4. Gojek Data
After the alleged leak of data from PLN and IndiHome Telkom customers, news emerged that said there was a leak of Gojek user data uploaded to the @/ndagels account on Twitter.
In his upload, the account owner shows the data that apocalypse99 sells through an anonymous community forum in cyberspace.
In response, Gojek Deputy Chief Corporate Affairs Audrey Petriny ensured that the data of all Gojek service users was safe. The company's Information Security team has also conducted an in-depth search and found no user data leaks.
"In line with this, Gojek confirms that the news that mentions the leaked Gojek user data is not true or a hoax," said Audrey.
5. Jasa Marga Data
The allegation of data leakage has been repeated again after data belonging to PT Jasa Marga was shared on the hackers breached.to forum. An account called Desorden claims to have 252 GB of data containing encoding, and documents, on five of their servers.
The data that was breached involved data from users, customers, employees, company data and Jasa Marga finances.
Corporate Communication Community Development Group Head PT Jasa Marga (Persero) Tbk. Lisye Octaviana ensures that the data referred to is internal and administrative data contained in the PT Jasamarga Tollroad Operator (JMTO) application and is certainly not related to customer data.
Regarding this issue, Lisye said that PT JMTO has now disabled the server affected by the attack and recovered the data and moved the system to a more secure server.
PT JMTO has also closed application security vulnerabilities and collaborated with competent parties in conducting cyber security assessments in the system at PT JMTO.
