Passport Data Allegedly Leaked, This is a Series of Actions by Bjorka, the Suspected Hacker

Some 34.9 million passport data belonging to Indonesian citizens from the Directorate General of Immigration, Ministry of Law and Human Rights, have reportedly been leaked.

According to Katadata, this data was allegedly sold online on the bjork.ai website, suspected to be operated by a hacker known as Bjorka, for US$10,000 or approximately Rp150 million.

Cybersecurity consultant Teguh Aprianto posted a tweet on his Twitter account, @secgron, regarding the data breach of passport holders.

"For those who already have a passport, congratulations because 34 million passport data have just been leaked and sold. The leaked data includes passport number, passport validity date, full name, date of birth, gender, and others. What has @kemkominfo and @BSSN_RI been doing all this time?" Teguh said on Wednesday (7/6/2023).

The founder of Ethical Hacker Indonesia explained that the perpetrator also provided a sample of 1 million data on the portal.

"Judging from the sample data provided, the data appears valid, with validity periods from 2009-2020," he wrote.

Teguh also uploaded a screenshot of the alleged data hacked by Bjorka on his website. The hacking allegedly occurred this July 2023. The total capacity of the hacked data reached 4 gigabytes (GB).

The actions allegedly committed by Bjorka and the weak government data protection have resulted in data leaks, which is not a new occurrence.

(Read also: This Series of Losses Experienced by the Public Due to Financial Data Leaks)

Here is a summary by Databoks of several data leaks allegedly committed by Bjorka from Katadata:

* Alleged hacking of 3.2 billion PeduliLindungi user data.
* Alleged hacking of 1.3 billion SIM card registration data belonging to the Ministry of Communication and Informatics (Kominfo). This 87 GB data contains NIK (National Identity Number), mobile phone number, telecommunications operator, and registration date. The data was sold for US$500,000 or Rp 745 million.
* Alleged hacking of 105 million citizen data related to general elections. Data includes NIK, Family Card, full name, place and date of birth, gender, and age.
* Alleged hacking of 44.2 million MyPertamina user data. The data size is claimed to reach 30 GB, consisting of information such as name, email, NIK, NPWP (Taxpayer Identification Number), phone number, and user spending. This data, obtained in November 2022, was sold for US$25,000 or Rp 392 million.
* Alleged hacking of 26 million IndiHome customer search history data. Data includes keywords, email, name, gender, and NIK. However, this allegation was denied by Telkom's SVP Corporate Communication and Investor Relation, Ahmad Reza.

Data with an unknown number of leaks:

* Alleged hacking of personal data of several officials, including: Head of the National Cyber and Crypto Agency (BSSN) Hinsa Siburian, former official of the Directorate General of Taxes, Ministry of Finance Rafael Alun Trisambodo, Minister of State-Owned Enterprises (BUMN) Erick Thohir, Coordinating Minister for Maritime Affairs and Investment Luhut B. Pandjaitan, and Speaker of the House of Representatives (DPR) Puan Maharani.

On the other hand, the identity and real figure of Bjorka remain unknown. President Joko Widodo (Jokowi) had formed an emergency team to handle the data leak in September 2022.

(Read also: Indonesia is Among the Top 3 Countries with the Most Data Leaks in the World)