Indonesian govt blocks access to RaidForums hacking forum after data leak

The Indonesian government is blocking access to the RaidForums hacking forum after the alleged personal information of Indonesian citizens was posted online.

On Friday, a newly registered forum member posted what they claim is a database containing 200 million records of personal information for Indonesian people.

The threat actor claims the database contains Indonesians' KTP NIK number, KK number, full name, place of birth, date of birth, and other sensitive and personal information.

Forum post sharing allegedly leaked data

While the Indonesian government has not confirmed if the data is legitimate, they have performed a random investigation of 1 million records and believe a more thorough investigation needs to be conducted by the government's information technology and cybersecurity agencies.

"To date, Kominfo has identified a larger amount of data and expanded its investigation of around 1 million data that sellers claim to be sample data," says Indonesia's Ministry of Communication and Information in a statement.

"From the results of a randomized investigation of around 1 million data, it can be concluded that Kominfo and BSSN need to carry out a more in-depth investigation together with BPJS Kesehatan."

Kominfo believes the data may have originated from BPJS Kesehatan, the Social Security Administrator for Health who manages the the national healthcare service for the country.

As first reported by KrASIA, to prevent the further spread of the leaked data, the Ministry of Communication and Information Technology (Kominfo) is blocking access to the RaidForums forum.

In addition, Kominfo states that they have blocked access to links on "bayfiles.com, mega.nz, and anonfiles.com" that have been distributing the leaked data.

However, this is likely to lead to a game of whack-a-mole as more download links have already surfaced on the hacking forum and in other sites where threat actors commonly share leaked data.

Possible connection to 2020 voter information leak

In May 2020, almost exactly a year ago, a threat actor shared the 2014 voter information for almost 2 million Indonesians on RaidForums.

Forum post sharing Indonesian voter information

However, the General Elections Commission of Indonesia (KPU) denied being hacked and stated that the data was scraped from publicly available information.

At the time, the threat actor also claimed to have the data for 200 million Indonesians that they planned on releasing later.

It is not known if last week's data leak is connected to this same threat actor.