Bukalapak.com
  • Total Records12,957,567
  • Unique Emails13,006,878
  • Unique Email Providers152,181
  • Unique Usernames13,039,443
  • Unique First Names9,104,774

Bukalapak Data Breach: What Happened in March 2019?

In March 2019, Bukalapak, one of Indonesia’s largest e-commerce platforms, disclosed a data breach that impacted more than 12.9 million user accounts. Hackers managed to access a backup of the company’s database from October 2017, exposing sensitive user information. The compromised data included email addresses, full names, usernames, and passwords that were securely protected using bcrypt and salted SHA-512 hashing methods. This incident attracted widespread attention in the digital community, given the scale of Bukalapak’s user base and the nature of the exposed details.

How Did the Bukalapak Breach Occur?

The breach stemmed from attackers gaining access to backup data stored from October 2017. While the exact method hasn’t been publicly detailed, the unauthorized access was quickly detected by Bukalapak’s security teams. The breach did not involve access to payment information or financial details; instead, the focus was on user credentials and associated records from the company's backup systems.

What Data Was Exposed in the Bukalapak Breach?

The breach resulted in the exposure of several pieces of user information. Specifically, the data included:

  • Email addresses
  • Usernames
  • Full names
  • Password hashes (bcrypt and salted SHA-512)

The use of secure password hashing techniques meant attackers did not have direct access to plain-text passwords, but the incident still raised significant concerns around user account protections and potential phishing risks.

How Many Users Were Impacted?

In total, the Bukalapak data breach affected 12,957,568 user accounts. This represents a sizeable portion of the platform’s user base at the time, underscoring the breach's impact within Indonesia’s online marketplace ecosystem.

Timeline of the Bukalapak Breach

  • October 2017: Date of the compromised backup data.
  • March 2019: Bukalapak identified and disclosed the security breach after discovering unauthorized access to their backup files.

While there are no public reports of how the data has been used since, news of the breach emphasized the importance of security hygiene and proactive incident management.

Frequently Asked Questions

What happened in the Bukalapak data breach?

In March 2019, attackers accessed Bukalapak’s backup database from October 2017, exposing user information such as emails, full names, usernames, and hashed passwords for nearly 13 million accounts.

How many users were affected by the Bukalapak 2019 breach?

Approximately 12,957,568 user accounts were impacted by the Bukalapak data breach in March 2019.

What user data was leaked in the Bukalapak breach?

The leaked information included email addresses, full names, usernames, and password hashes (bcrypt and salted SHA-512) of Bukalapak account holders.

Who was behind the Bukalapak data breach?

The identities of the attackers have not been publicly revealed, and no specific group has claimed responsibility for the incident.

How can I check if I'm in the Bukalapak breach?

You can check if your information was part of the Bukalapak breach by utilizing the DeHashed search engine.