After the Bukalapak Data Hacking Issue and Youthmanual, Efforts Need To Be Done

Today news broke about hacking site data with a large user base. Reported The Hacker NewsHowever, two Indonesian sites were also affected, namely Bukalapak and Youthmanual. It is claimed that there are at least around 13 million record stolen Bukalapak user data (as of July 2017). Meanwhile, for the millennial career site Youthmanual, the data stolen is around 1,12 million record data (as of February 2019).

These data are now traded through the Dream Market or known as the black market in cyberspace -- taking advantage of cryptocurrency as a medium of exchange. The data taken includes the name of the user, username, email, password encrypted with hash, and other personal details.

Bukalapak Clarification and Youthmanual

We have tried to confirm directly to Bukalapak and Youthmanual. Bukalapak confirmed that there had been an attempt to hack the site some time ago. However, it ensures that there is no important data such as user password, financial information, and personal information obtained.

"We confirmed that there was indeed an attempt to hack Bukalapak some time ago, but there was no important data such as user password, financial or other personal information obtained. We always improve the security system at Bukalapak, to ensure the safety and comfort of Bukalapak users, and ensure that important user data is not misused. Hacking attempts like this have the potential to happen in the digital industry," said Bukalapak Head of Corporate Communications Intan Wibisono.

One of the preventive actions that Bukalapak recommends to users is to change passwords periodically and activate the Two-Factor Authentication (TFA) feature.

While to DailySocial Youthmanual also confirmed that there had been a hacking attempt on its platform. The repressive effort is to reset all users' passwords.

"This afternoon, we confirmed that there had been a hacking attempt but Youthmanual had taken precautions byreset password all users. We also urge all users to change all information Password time login return. Currently team engineering Youthmanual conducts comprehensive system audits and evaluations to ensure our systems and infrastructure are safe, assisted by the best cybersecurity practitioners in the region," said Founder & CEO of Youthmanual Rizky Muhammad.

Anticipatory action

In response to this incident, we tried to contact several cybersecurity experts, one of which was Onno W. Purbo. In his statement Onno said that there are at least four things that need to be done by a digital platform that finds an attack hacker. First, a comprehensive security evaluation must be carried out, in technical terms it is called "penetration test", to ensure that successfully infiltrated loopholes can be patched immediately.

Onno suggested that digital companies that already have a large user base need to immediately evaluate procedures, at least until they meet ISO 27001 (global standardization of information security management systems) and ISO 31000 (global standardization for risk management related to information security).

Internal and user training activities related to information security are also considered to be able to become routine initiatives by digital companies. As the largest internet market share in Southeast Asia, indeed increasing digital literacy for the community is still a chore for the parties. Ideally, the industry will also participate in enhancing these capabilities.

"Attacks that are most successful are at the weakest points on a system. It can be from the user side, admin negligence, and others," said Onno explaining the origin of the attack. hacker started.