Bukalapak

What Happened

In March 2019, the Indonesian e-commerce website Bukalapak discovered a data breach of the organisation's backups dating back to October 2017. The incident exposed approximately 13 million unique email addresses alongside IP addresses, names and passwords stored as bcrypt and salted SHA-512 hashes. The data was provided to HIBP by a source who requested it to be attributed to "Maxime Thalet".

Compromised Data

Email addresses
IP addresses
Names
Passwords
Usernames

Recommended Actions

Change Your Password

If you haven't changed your password on this service since the breach, do so immediately.

Enable Two-Factor Authentication

If 2FA is supported, add an extra layer of security to your account.

Sponsored
1Password

Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.

Try 1Password

Breach Overview

  • Affected Accounts:

    13.4 million

  • Breach Occurred:

    October 2017

  • Added to HIBP:

    18 Apr 2019

Recommended Actions

Change Your Password

If you haven't changed your Bukalapak password since 2017, do so immediately.

Enable Two-Factor Authentication

Add an extra layer of security to your account.

1Password

Use 1Password to generate and store strong, unique passwords for all your accounts.

Try 1Password