In March 2019, the Indonesian e-commerce website Bukalapak discovered a data breach of the organisation’s backups dating back to October 2017. The incident exposed approximately 13 million unique email addresses alongside IP addresses, names and passwords stored as bcrypt and salted SHA-512 hashes. The data was provided to HIBP by a source who requested it to be attributed to "Maxime Thalet".
Accounts breached: 13369666
Breached on: October 23, 2017
Exposed data: Email addresses, IP addresses, Names, Passwords, and Usernames
Added on: April 18, 2019