- Total Records91,173,990
- Unique Emails72,404,699
- Unique Email Providers124,497
- Unique Usernames20,033,526
- Unique First Names40,089,925
- Unique VIN Numbers5,110,396
Inside the 2020 Tokopedia Data Breach: What Really Happened?
In April 2020, Tokopedia, Indonesia's largest online marketplace, experienced a breach that impacted more than 91 million of its users. The breach, one of Indonesia’s largest to date, resulted in the exposure of usernames, email addresses, hashed passwords, full names, birthdays, and additional personal details such as home addresses, company data, and sometimes social information. Tokopedia serves as the backbone for e-commerce across Indonesia, connecting buyers and sellers in a rapidly growing digital market. The information breach surfaced when data appeared for sale on hacking forums, raising concerns over the security of personal information for many Indonesians. The initial breach likely occurred on or around April 1, 2020, and soon after, details of the compromised user accounts began circulating online, putting millions at risk of unwanted contact or further compromise.
What Information Was Exposed in the Tokopedia Breach?
The attackers managed to obtain a wide range of data, including:
- Usernames and email addresses
- Hashed passwords
- Full names and birth dates
- Home addresses, including city, state, and zip code
- Company and occasionally social-related information
While hashed passwords provide an extra layer of security compared to plain text, exposure of this many fields together can still create major privacy concerns, especially when combined with personal and business information.
How Many Users Were Affected?
Approximately 91,173,991 user accounts were impacted by the breach, making it one of the most significant data exposures in Indonesia’s digital history. The sheer scale increased the risks of phishing, account takeover attempts, and identity theft for users across the platform.
Timeline: How Did Events Unfold?
The breach took place in early April 2020, and it quickly made headlines as millions of records surfaced for sale online. Security researchers and Tokopedia’s own investigation pointed to April 1st as the probable date of unauthorized access. Not long after, the company began communicating with users and authorities while working to contain the fallout and assess the impact.
Who Was Behind the Tokopedia Breach?
As is often the case in large-scale data breaches, the exact identity of the attackers remains unknown. The stolen data was leaked and marketed on various online forums, but no group definitively claimed responsibility, and the motivation behind the breach remains unclear to this day.
Frequently Asked Questions
What happened in the Tokopedia data breach?
In April 2020, unauthorized attackers accessed Tokopedia's user database, exposing sensitive account information like emails, hashed passwords, names, and addresses. The data was later found being traded online.
How many users were affected in the Tokopedia hack?
About 91 million user records were impacted in the Tokopedia data breach.
What data was leaked in the Tokopedia breach?
Information that was leaked includes usernames, emails, hashed passwords, full names, dates of birth, addresses, company data, and sometimes social profiles.
How can i check if i'm in Tokopedia data breach?
You can check if your information was part of the Tokopedia breach by utilizing the DeHashed search engine.