Pemantauan insiden
Satu halaman untuk insiden terverifikasi (Have I Been Pwned) dan klaim lokal yang sedang diselidiki—dengan tautan sumber asli dan implikasi untuk sektor keuangan.
Patuhdata menggabungkan kurasi editorial dengan data terverifikasi dari katalog industri.
Have I Been Pwned
Katalog insiden terverifikasi oleh Troy Hunt — standar industri untuk breach yang sudah dikonfirmasi.
BSSN
Badan Siber dan Sandi Negara — koordinasi insiden keamanan siber nasional. Portal CSIRT untuk pelaporan insiden.
Kemkomdigi
Kementerian Komunikasi dan Digital — pengawasan ruang digital & UU PDP (sementara).
Brinztech
Threat intelligence & alert kebocoran data regional.
Insiden berikut dikonfirmasi dan dikatalogkan oleh Have I Been Pwned (Troy Hunt)—standar industri untuk breach yang sudah diverifikasi, bukan sekadar klaim media.
mypertamina.id
6.0 juta akun
November 2022
In November 2022, the Indonesian oil and gas company Pertamina suffered a data breach of their MyPertamina service . The incident exposed 44M records with 6M unique email addresses along with names, dates of birth, genders, physical addresses and purchases.
Data terdampak: Dates of birth · Email addresses · Genders · Names · Phone numbers · Physical addresses · …
Detail di Have I Been Pwnedtravelio.com
471 ribu akun
November 2021
In November 2021, the Indonesian real estate website Travelio suffered a data breach that exposed over 470k customer accounts . The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens.
Data terdampak: Auth tokens · Dates of birth · Email addresses · Names · Passwords · Phone numbers · …
Detail di Have I Been Pwnedqraved.com
985 ribu akun
Juli 2021
In July 2021, the Indonesian restaurant website Qraved suffered a data breach that was later redistributed as part of a larger corpus of data . The breach exposed almost 1M unique email addresses along with names, phone numbers, dates of birth and passwords stored as MD5 hashes.
Data terdampak: Dates of birth · Email addresses · Names · Passwords · Phone numbers
Detail di Have I Been Pwnedjamtangan.com
435 ribu akun
Juli 2021
In July 2021, the online Indonesian watch store, Jam Tangan (AKA Machtwatch), suffered a data breach that exposed over 400k customer records which were subsequently posted to a popular hacking forum. The data included email and IP addresses, names, phone numbers, physical addresses and passwords stored as either unsalted MD5 or bcrypt hashes.
Data terdampak: Email addresses · IP addresses · Names · Passwords · Phone numbers · Physical addresses
Detail di Have I Been Pwnedredmart.lazada.sg
1.1 juta akun
Juli 2020
In October 2020, news broke of Lazada RedMart data breach containing records as recent as July 2020 and being sold via an online marketplace. In all, the data contained 1.1 million customer email addresses alongside names, phone numbers, physical addresses, partial credit card numbers and passwords stored as SHA-1 hashes.
Data terdampak: Email addresses · Names · Partial credit card data · Passwords · Phone numbers · Physical addresses
Detail di Have I Been Pwnedkreditplus.com
769 ribu akun
Juni 2020
In June 2020, the Indonesian credit service Kreditplus suffered a data breach which exposed 896k records containing 769k unique email addresses. The breach exposed extensive personal information including names, family makeup, information on spouses, income and expenses, religions and employment information. The data was provided to HIBP by breachbase.pw .
Data terdampak: Dates of birth · Email addresses · Employers · Family structure · Genders · Income levels · …
Detail di Have I Been Pwnedtokopedia.com
71.4 juta akun
April 2020
In April 2020, Indonesia's largest online store Tokopedia suffered a data breach . The incident resulted in 15M rows of data being posted to a popular hacking forum. An additional 76M rows were later provided to HIBP in July 2020. In total, the data included over 71M unique email addresses alongside names, genders, birth dates and passwords stored as SHA2-384 hashes.
Data terdampak: Dates of birth · Email addresses · Genders · Names · Passwords
Detail di Have I Been Pwnedbhinneka.com
1.3 juta akun
Januari 2020
In early 2020, the Indonesian consumer electronics website Bhinneka suffered a data breach that exposed almost 1.3M customer records . The data included email and physical addresses, names, genders, dates of birth, phone numbers and salted password hashes.
Data terdampak: Dates of birth · Email addresses · Genders · Names · Passwords · Phone numbers · …
Detail di Have I Been Pwnedindihome.co.id
12.6 juta akun
November 2019
In mid-2021, reports emerged of a data breach of Indonesia's telecommunications company, IndiHome . Over 26M rows of data alleged to have been sourced from the company was posted to a popular hacking forum and contained 12.6M unique email addresses alongside names, IP addresses, genders and geographic locations. The most recent data was stamped as being recorded in November 2019.
Data terdampak: Device information · Email addresses · Genders · Geographic locations · IP addresses · Names
Detail di Have I Been Pwnedyouthmanual.com
938 ribu akun
Januari 2019
In January 2019, the Indonesian college and career platform Youthmanual suffered a data breach that exposed 1.1M records of data . The breached included 938k unique email addresses along with extensive personal information including names, genders, dates and places of birth, phone numbers, physical addresses and salted SHA-1 password hashes.
Data terdampak: Bios · Dates of birth · Email addresses · Genders · Names · Passwords · …
Detail di Have I Been Pwnedbukalapak.com
13.4 juta akun
Oktober 2017
In March 2019, the Indonesian e-commerce website Bukalapak discovered a data breach of the organisation's backups dating back to October 2017 . The incident exposed approximately 13 million unique email addresses alongside IP addresses, names and passwords stored as bcrypt and salted SHA-512 hashes.
Data terdampak: Email addresses · IP addresses · Names · Passwords · Usernames
Detail di Have I Been PwnedData breach dikutip dari Have I Been Pwned (Troy Hunt). Diperbarui otomatis setiap 24 jam. Hanya insiden yang relevan untuk ekosistem Indonesia (domain .id & layanan populer di Indonesia).
Berita Indonesia 2025–2026 yang mungkin belum masuk HIBP—dari media, pemerintah, dan komunitas keamanan siber.
Kurasi lokal Patuhdata — insiden dan klaim kebocoran di Indonesia dari media & instansi (belum tentu ada di HIBP). Terakhir diperbarui: 17 Mei 2026.
Patuhdata mengkurasi insiden Indonesia dari media, pemerintah, dan threat intelligence—dipadukan dengan insiden terverifikasi Have I Been Pwned untuk layanan relevan. Status dapat berubah. Bukan daftar resmi regulator; bukan opini hukum.
Pemerintah · Imigrasi
Beredar klaim peretasan sistem eVisa dan penjualan data paspor/visa. Ditjen Imigrasi menyatakan informasi hoaks dan mengusut penyebar klaim.
Catatan status: Ditjen Imigrasi membantah kebocoran; penyelidikan penyebar hoaks berjalan.
Sumber
Implikasi sektor keuangan
Mengingatkan institusi keuangan untuk memverifikasi klaim breach sebelum komunikasi publik, dan menguji apakah data KYC/perjalanan nasabah terpapar.
Platform digital · Sosial media
Laporan media tentang dataset besar pengguna Instagram yang disalahgunakan untuk doxxing dan pemerasan. Dampak langsung ke pengguna Indonesia yang memakai platform yang sama.
Catatan status: Klaim dari laporan keamanan/media; verifikasi resmi platform bervariasi.
Implikasi sektor keuangan
Risiko credential stuffing, social engineering, dan pemulihan akun nasabah yang memakai email/telepon terhubung Instagram.
Pemerintah daerah
Komunitas keamanan siber melaporkan dataset warga Kota Bandung di forum underground. Pihak daerah dan aparat menyelidiki validitas klaim.
Catatan status: Laporan VECERT / media keamanan; investigasi pemerintah daerah berlangsung.
Sumber
Implikasi sektor keuangan
Data identitas daerah sering dipakai untuk verifikasi alamat/KYC tiruan—perkuat deteksi fraud onboarding.
Nasional · Multi-sektor
Intelligence keamanan siber melaporkan paket data besar berisi identitas dan kontak warga. Belum ada konfirmasi resmi terpusat; investigasi lintas instansi.
Catatan status: Klaim dari komunitas threat intelligence; instansi pusat menyelidiki.
Sumber
Implikasi sektor keuangan
Jika terbukti, memperbesar risiko penipuan identitas, pembukaan rekening palsu, dan social engineering terhadap nasabah.
Pendidikan · Pemerintah
Viral di dark web mengenai data siswa Indonesia. Pemerintah membantah indikasi kebocoran; Kemendikbud, BSSN, dan Kemkomdigi melakukan investigasi.
Catatan status: Menko PMK dan kementerian terkait membantah; investigasi teknis berlanjut.
Sumber
Implikasi sektor keuangan
Menunjukkan sensitivitas publik terhadap data anak/remaja—relevan untuk produk finansial remaja dan verifikasi usia.
Gap assessment memetakan kontrol insiden, vendor, dan bukti audit sebelum tekanan regulator atau mitra B2B meningkat.
Koreksi atau laporan insiden baru? support@patuhdata.id · Status Badan PDP