The Indonesian government has announced plans to block the RaidForums hacking forum. The move come after an anonymous forum user posted the personal information of millions of Indonesian citizens.
On Friday, a newly registered user posted a database containing 200 million personal records of Indonesian citizens.
The post author claims the information contains such records as KTP NIK number, KK number, full name, date of birth, place of birth, and other sensitive information.
While the Indonesian government has studied 1 million records and said a further investigation will be conducted by the government’s IT and cybersecurity agencies.
“To date, Kominfo has identified a larger amount of data and expanded its investigation of around 1 million data that sellers claim to be sample data. From the results of a randomized investigation of around 1 million data, it can be concluded that Kominfo and BSSN need to carry out a more in-depth investigation together with BPJS Kesehatan,” said Indonesia’s Ministry of Communication and Information in a statement.
Kominfo said they suspect BPJS Kesehatan, the Social Security Administrator for Health who manages the country’s national healthcare service, may have leaked the data.
The leak was first reported by KrASIA. To prevent the further dissemination of the sensitive citizen data, the Ministry of Communication and Information Technology (Kominfo) has decided to block access to the RaidForums forum altogether. Kominfo has also blocked links to files with the leaked data on bayfiles.com, mega.nz, and anonfiles.com. But more download links have already sprouted on other hacking forums and leak sites.
A year ago, an anonymous threat actor posted the 2014 voter information for almost 2 million Indonesians, and also on RaidForums.
At the time, the General Elections Commission of Indonesia (KPU) said the data was scraped from publicly available information. There is no evidence at this time the last week’s data leak is connected to the last year’s leak.