KPU Hacked, Data of 204 Million Indonesian Citizens Sold on Internet Tech – 8 hours ago


Jakarta, CNBC Indonesia – The official website of the General Election Commission (KPU) was reportedly hacked by hackers. Reportedly 204 million DPT data was leaked in this incident.

This hack was reported by CISSREC. According to the agency, KPU data was shared by an anonymous account called Jimbo.

There are more than 200 million sold by Jimbo. The account sold it for US$74 thousand or around Rp. 1.2 billion.


Jimbo shared 500 sample data on the darkweb site Breachforums. The account also uploaded several screenshots from the KPU’s Check DPT Online website to verify the data obtained.

“Jimbo also said in a post on the forum that the 252 million data he managed to get contained some duplicate data, where after Jimbo carried out filtering, there were 204,807,203 unique data, which is almost the same number as the number of voters in the KPU’s Permanent DPT which was 204,807 ,222 voters from 514 districts/cities in Indonesia and 128 representative countries,” wrote the Chairman of the CISSReC Cyber ​​Security Research Institute, Pratama Persadha in his official statement received CNBC IndonesiaWednesday (29/11/2023).

The data shared includes NIK, Family Card number, KTP number, passport number for voters abroad, full name, gender, date and place of birth, marital status, complete address, RT, RW, sub-district, sub-district and district codefication as well as TPS codification.

The agency is also trying to verify data from the samples provided by Jimbo. The results of the data issued from the Cekdpt website are exactly the same.

Hackers managed to gain access to the KPU Admin role using various methods. Starting from phishing, social engineering or malware.

“In another screenshot shared by Jimbo, you can see a KPU website page which probably comes from the user’s dashboard page,” he said.

“With this screenshot, it is very likely that Jimbo succeeded in gaining login access using the KPU Admin role from the sidalih.kpu.go.id domain using phishing methods, social engineering or through malware.”

[Gambas:Video CNBC]

Next Article

DPR RI Accounts Flooded with Online Gambling, YouTube Opens Voice