Hackers Leaked Information Of 2.3 Million Indonesian Voters To The Internet

23/05/2020

Hackers are leaking personal and electoral data belonging to some 2.3 million Indonesian citizens.

According to the samples, the data appears to date back to 2013 and is said to have been stolen from the official website of The General Elections Commission or Komisi Pemilihan Umum (KPU) in Indonesian.

The 2.36GB worth of data was divided into several folders all containing the data in PDF files.

The leaked information include full names, addresses, registration numbers, gender, family card numbers, date of birth and place of birth, marriage status, etc..

And making things worse, the threat actors plan to leak the remaining 200 million Indonesian citizenship data on the hacker forum where the electoral data is currently being traded.

The leak was first discovered by the Israeli data breach monitoring and prevention service Under the Bridge.

The reason for this leak, according to the hackers:

"I decided to share with you about 2.3 million Indonesia citizenship and election data cause I think Indonesian data seems rare in this forum (referring to the hacker forum where the data has been leaked)."

Founder of Ethical Hacker Indonesia Teguh Aprianto, said that the 2,3 million data being shared on the hacker forum are data from voters in Yogyakarta, including those from Bantul, Gunung Kidul, kota, Kulonprogo dan Sleman.

However, according to KPU Commissioner Viryan Azis, the leak may have been from the soft file from the 2014 voters.

The soft files were copies of the original, that were distributed to political parties eligible for the election. They were meant to be submitted at least seven days after being made, and are created solely from that moment's voting and nothing else.

"All the data comes as PDF, sorted according to TPS (polling stations)," he said.

KPU kena hack
The files are PDFs, created as copies of the originals. (Credit: Under the Bridge)

Teguh Aprianto stressed out that KPU itself has not been hacked.

This news came shortly after hackers managed to get their hands on data of millions of Indonesians through hacking Tokopedia, the country's e-commerce giant.