Hacker puts personal data of 35M Indonesian passport holders up for sale on dark web

The personal information of nearly 35 million Indonesian passport holders has emerged on the dark web, available for purchase at a staggering price of $10,000. The responsible party behind this breach is none other than the notorious hacktivist Bjorka, who has gained notoriety for routinely criticizing the Indonesian government and disclosing damaging information about lawmakers on social media platforms.

The revelation came to light when Indonesian security researcher Teguh Aprianto shared a series of tweets outlining the incident. Aprianto disclosed that a hacker, suspected of Bjorka, had listed sensitive details of Indonesian passport holders for sale. This comprehensive dataset includes individuals’ full names, birthdates, genders, passport numbers, and passport validity dates.

To substantiate the authenticity of the leaked data, the threat actor behind the breach released a sample of one million records. Aprianto confirmed the validity of the information, indicating that the timestamp on the data ranged from 2009 to 2020.

Upon learning of this alarming breach, Indonesia’s Ministry of Communication and Informatics, commonly called Kominfo, swiftly investigated the reported theft of personal information concerning approximately 34.9 million Indonesian citizens. Director-General of Informatics Applications, Semuel A. Pangerapan, stated that while the ministry has yet to confirm the extent of the data leak, they are actively pursuing an in-depth examination of the matter in collaboration with the National Cyber and Crypto Agency, the Directorate General of Immigration, and the Ministry of Law and Human Rights.

Pangerapan emphasized the ministry’s commitment to ensuring the security and privacy of Indonesian citizens, urging all digital platform providers and personal data managers to enhance the protection of users’ personal information in accordance with existing data protection regulations. Furthermore, he emphasized the importance of safeguarding electronic systems from potential breaches.

This is not the first instance in which Bjorka has made headlines for cybercriminal activities. In September 2022, the hacktivist gained infamy for stealing 1.3 billion SIM card data from the Indonesian Ministry of Communication and Information Technology servers, subsequently offering it for sale on the dark web. Additionally, Bjorka is suspected of stealing personal information from 17 million Indonesian electricity company PLN customers in August of the same year.

Indonesia remains a prime target for cyberattacks within Southeast Asia, as demonstrated by the staggering number of over 11 million recorded attacks in the first quarter of 2022 alone.