BukalaPak

In March 2019 the Indonesian ecommerce giant Bukalapak experienced a significant security incident involving the theft of user data by a hacker known as Gnosticplayers. The breach actually originated from backups dating back to October 2017. The compromised data included sensitive information for approximately 13 million users. The breach involved the extraction of records from the company production database which were subsequently offered for sale on darknet marketplaces. Security researchers confirmed that the passwords were protected using Bcrypt and SHA-512 hashing algorithms with salt which provides some level of protection against decryption but the sheer volume of personal data leaked posed a high risk for phishing and credential stuffing attacks.