Dark Web News Analysis
Dark web monitoring has surfaced a major potential security breach involving Matahari, one of Indonesia’s largest and most prominent department store chains. A threat actor on a hacker forum is offering a database for sale that allegedly belongs to the retailer. The dataset purportedly contains 2 million rows of user information. The compromised fields are highly sensitive and include Full Names, Email Addresses, Dates of Birth, Genders, and Phone Numbers. Most critically, the listing suggests the potential inclusion of Card Numbers (credit or debit), which elevates this incident from a privacy issue to a direct financial threat.
Key Cybersecurity Insights
A breach of a major national retailer like Matahari impacts a vast cross-section of the Indonesian consumer base:
- Financial Fraud Risk: The alleged exposure of Card Numbers is the immediate priority. Even if the CVV codes were not leaked (their absence is common in such dumps), attackers can still use the card number and expiry date to commit fraud on merchants that have weaker security checks or do not require CVV for recurring subscriptions.
- Identity Theft & Pinjol Fraud: In Indonesia, the combination of Full Name, Date of Birth, and Phone Number is often enough for criminals to apply for fraudulent loans on “Pinjol” (online lending) platforms. Criminals use the victim’s data to secure a quick loan, cash out, and leave the victim with the debt and a ruined credit rating.
- Targeted Phishing (WhatsApp/SMS): With 2 million Phone Numbers exposed, attackers can launch mass phishing campaigns via WhatsApp. They may pose as Matahari customer support offering a “refund” or “exclusive voucher,” tricking users into clicking malicious links that steal banking OTPs.
- Account Takeover: If Matahari users reused their passwords on other e-commerce sites (like Tokopedia or Shopee), attackers will use the emails from this leak to attempt Credential Stuffing attacks across the Indonesian digital ecosystem.
Mitigation Strategies
To protect customers and financial assets, the following strategies are recommended:
- Card Blocking: If the exposure of card numbers is confirmed, Matahari must work with Bank Indonesia and major local banks to proactively flag or block the compromised card numbers to prevent unauthorized transactions.
- Forced Password Reset: Immediately invalidate all customer passwords on the Matahari app/website. Implement OTP (One-Time Password) verification for the password reset process.
- Fraud Alert: Issue a public advisory warning customers to monitor their bank statements closely. Specifically, warn them against sharing OTPs with anyone claiming to be from Matahari.
- Data Minimization Audit: Review why the database contained card numbers. PCI-DSS standards strictly regulate the storage of PAN (Primary Account Numbers). If full numbers were stored in plain text, this represents a significant compliance failure.
Secure Your Business with Brinztech — Global Cybersecurity Solutions
Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com