In a cyber breach that could ruin more than just your entire day (if you are Indonesian), over 6 million Indonesian taxpayers are now wondering if their personal information has been exposed on the dark web.
The hacker, known as “Bjorka,” decided it was a good idea to leak the data online, and he even included the personal information of high-profile government officials. Yes, the President and his family were not spared.
Not stopping there, Bjorka had some rather colorful commentary, calling the President's sons “stupid” and government ministers “useless.”
This isn't a low-level prank; it's a breach that could expose millions of people's private information.
Consider names, addresses, taxpayer IDs, emails, phone numbers, and anything else you don't want someone to have access to.
The leak allegedly occurred in September 2024, potentially exposing more than 6.6 million people.
The data was compressed into a 500 MB file that expands to 2 GB when unzipped, containing millions of CSV records.
So, what is up for grabs? Personal identification numbers (NIK), tax IDs (NPWP), addresses, birth dates, and even contact information for local tax offices.
It's a field day for anyone looking to exploit this type of data, and it's all for the low, low cost of $10,000. Isn't it a steal?
According to security researchers, this information was most likely obtained from Indonesia's tax database or a related government registry.
Bjorka also included a bigger sample data of approximately 10,000 total lines available to download for free in order to show more legitimacy on the big data that is up for grabs.
The sample data being circulated is also unlikely to have been compiled from previous dark web leaks or sourced randomly.
With taxpayer IDs, contact information, and occupation information all bundled together, this is the type of breach that could fuel identity theft for years to come.
If proven to be legitimate by the Indonesian government, citizens could be in a serious privacy crisis, with millions of citizens' data at risk of being misused, sold, or worse.
This is not the threat actor's first rodeo either. Back in January, he put up for sale the data from yet another high-profile breach: MyPertamina, Indonesia's fuel app, which was hacked in November 2022.
So far, he has only posted two major breaches, but his reputation within the BreachForums community and beyond is strong.
This is more than just a cybersecurity headline; it is a warning, not only to Indonesian officials who have been labeled “useless,” but to everyone whose data is now out in the open.
As for Bjorka? He's probably sitting back, watching the chaos he's created while being $10,000 richer.