Hackers are leaking personal and electoral data belonging to some 2.3 million Indonesian citizens.
According to the samples, the data appears to date back to 2013 and is said to have been stolen from the official website of The General Elections Commission or Komisi Pemilihan Umum (KPU) in Indonesian.
The 2.36GB worth of data was divided into several folders all containing the data in PDF files.
The leaked information include full names, addresses, registration numbers, gender, family card numbers, date of birth and place of birth, marriage status, etc..
And making things worse, the threat actors plan to leak the remaining 200 million Indonesian citizenship data on the hacker forum where the electoral data is currently being traded.
The leak was first discovered by the Israeli data breach monitoring and prevention service Under the Bridge.
Actor leaks information on 2,300,000 Indonesian citizens.
data includes names, addresses, ID numbers, birth dates, and more.
Appears to date back to 2013.
Actor claims he will leak 200,000,000 additional citizens information soon. pic.twitter.com/xVWhOGOhtX
— Under the Breach (@underthebreach) May 21, 2020
The reason for this leak, according to the hackers:
Founder of Ethical Hacker Indonesia Teguh Aprianto, said that the 2,3 million data being shared on the hacker forum are data from voters in Yogyakarta, including those from Bantul, Gunung Kidul, kota, Kulonprogo dan Sleman.
However, according to KPU Commissioner Viryan Azis, the leak may have been from the soft file from the 2014 voters.
The soft files were copies of the original, that were distributed to political parties eligible for the election. They were meant to be submitted at least seven days after being made, and are created solely from that moment's voting and nothing else.
"All the data comes as PDF, sorted according to TPS (polling stations)," he said.
Teguh Aprianto stressed out that KPU itself has not been hacked.
This news came shortly after hackers managed to get their hands on data of millions of Indonesians through hacking Tokopedia, the country's e-commerce giant.