Dark Web forum leaks 102 million Indonesian KTP data, allegedly from Ministry of Social Affairs

Indonesia's Ministry of Social Affairs suffers major data breach

Indonesia has once again been enlivened by a data breach believed to have come from the Ministry of Social Affairs (Kemensos), with a total of 102 million pieces of public data leaked and sold on the dark web site Breached.to.

The data uploaded by the account named sspX is titled "Database of Indonesian citizens from the Indonesian Ministry of Social Affairs," and the post describes that it has been uploaded since Sept. 13. The file is believed to be the most recent data from the Indonesian Ministry of Social Affairs, updated to September 2022, and contains 85 GB of data, with a total of 102,533,211 entries.

The hacker also provided information on the uploaded data, including NIK, KK number, full name, date of birth, age and gender. As well as some samples of the leaked data, including photos of ID cards (KTP) and family cards (KK).

DarkTracer Reveals Data Breach

The data breach at the Ministry of Social Affairs was also reported by the DarkTracer hacking investigation platform through its Twitter account @DarkTracker_int, which is described as a dark web threat investigation platform from Singapore.

He tweeted, "A malicious actor appears to be selling a database claiming to be a database of 102 million citizens leaked from the Ministry of Social Affairs of the Republic of Indonesia."

In his tweet, he also showed a photo in the form of data information from the Ministry of Social Affairs that leaked up to 16GB of compressed data, 85GB of uncompressed data, and a total of 102,533,221 pieces of data.

"He leaked dozens of photo IDs as samples. This was necessary to ensure that his claims were true," he added.

Indonesia's Ministry of Social Affairs has been a target of hackers

The Ministry of Social Affairs has been the target of hackers after a series of leaks of 1.3 billion SIM card registrations, 17 million PLN data and 26 million IndiHome-Telkom customer data.

At this time, the Ministry of Social Affairs is unable to provide further confirmation of the alleged breach. It is also not known who broke into the data and sold the accounts of the data on the dark web.

The Ministry of Social Affairs is an agency that was targeted by hackers after previous alleged leaks also occurred. Previously, hackers named Bjorka leaked 1.3 billion SIM card registration data containing 87 GB of data.

The hackers also claimed to have shared data from 2 million samples collected from 2017 to 2020. The operators listed in the data samples are Telkomsel, Indosat, Tri, XL and Smartfren.

Not only that, 17 million pieces of data from PLN and 26 million IndiHome customers were also compromised.Bjorka also hacked into the personal data of senior state officials, from President JokoWidodo, Communications and Information Minister Johnny G. Plate, and State Enterprise Minister ErickThohirm to Indonesian House of Representatives Chairman PuanMaharani.

Indonesian motorcycle and vehicle owner registration data was also compromised

There is another account OKE that sells registration data of Indonesian motorcycles and vehicle owners, and the owner of the data seller account claims to be the first person to have registration data of Indonesian cars and motorcycles.

"Selling data of 36 million cars in Indonesia," reads the OKE post, which was recorded as having been posted on Sept. 1 last year.

Further tracking, the pending sales data also shows details of cars and motorcycles sold as well as their frame numbers. Everything from Suzuki Carry commercial vehicles to Alphard passenger cars are recorded and traded.

"Introduction: This data contains information about all car registration data in Indonesia. The database includes all vehicles registered from 2000 to 2021. All records are included as long as they are vehicles in Indonesia. "The account owner further writes.