Bhinneka, Indonesia’s top online store, had one of their databases compromised on January 27th, 2020. Instead of the data showing up for sale or the original attackers demanding an extortion payment, it was posted for free on a hacking forum. Two SQL files were included in the database and those files stored unique IDs, full names, email addresses, genders, contact numbers, passwords, address details, dates of birth, social media IDs, and details such as the last login information. The database records also included a classification of whether each user is an admin or a staff member, which also hints that the database may include employee details. In total, the file contained well over 1.2 million records comprising 762 MBs worth of data.
Analyst Notes
Any users involved in a breach where passwords are exposed are advised to change their password immediately and make sure the same passwords aren’t being reused on another site. Targeted phishing campaigns may also be carried out after a breach of this nature. Any user who believes they’ve been affected should be on the lookout for suspicious emails. Emails that seem irregular should be verified before being interacted with.
Source: https://www.hackread.com/indonesia-bhinneka-database-dumped-1-million-accounts/?web_view=true
