The Secret Behind Your Data and Account Leaks
05 May 2025
The Secret Behind Your Data and Account Leaks
Imagine waking up one morning and suddenly receiving a notification for a banking transaction you didn't make. Accounts have been debited, personal data is scattered, and you don't know where to start. This is the new reality of the digital age, where your identity can be stolen and sold in a matter of seconds.
Data leakage is no longer a threat, but a reality that stalks every internet user. So, how exactly can hackers get your ID card and account data?
1. Dark Web: Your Data is Traded Globally
The dark web is the part of the internet that cannot be accessed normally. This is where personal data, including NIK, ID card photos, account numbers, emails, and phone numbers are sold like commodities. In fact, a complete data package can cost as little as a few tens of thousands of rupiah.
In some cases, the data is obtained from hacking the systems of public and private institutions. For example, data leaks from BPJS Health services and several fintechs in Indonesia have come under scrutiny for containing sensitive information on millions of citizens.
2. Phishing: When You Unknowingly Give Yourself Access
Phishing is a method of social engineering done through emails, WhatsApp messages, SMS, or fake links that look official. Users are directed to click on the link and enter personal information such as account numbers, OTP, or ID card photos.
Frequently used modes:
-
Fake emails or messages from banks or e-commerce.
-
Raffle prize links with a professional look.
-
Copycat sites that resemble the agency's original website.
Once the data is entered, the perpetrator instantly accesses your accounts, even bank accounts.
3. Illegal Apps & Websites: 'Free' But Dangerous
Many apps and websites seem free and useful, but behind them are tracking scripts or malware. When you fill out a registration form, their system records all the data you enter. Some even steal data through camera, gallery or contact access permissions when you install an app.
Beware of fake marketplaces, illegal online lending services, or fake job sites that ask for ID cards and account numbers as “verification requirements”.
4. Leakage from Internal System: Behind-the-Scenes Cracks
Not all leaks occur due to individual negligence. In many cases, it occurs from within the official institution's system, either due to weak cybersecurity or internal elements. User data that is stored unencrypted or not protected by adequate firewalls can be accessed by hackers through system vulnerabilities.
Unfortunately, not all agencies immediately inform the public about these leaks, so the public only realizes it when they are already victims.
5. Using Double Data and Not Being Careful on Social Media
Uploading your ID photo on social media, filling in data on multiple platforms without checking their credibility, or sharing personal data when registering for events can backfire. Cybercriminals can use one piece of data to perform social engineering, match it with other information available online, and compile it into a complete profile of you.
With this combination, they can open online loan accounts in your name, access your accounts, or sell your identity on the black market.
How to Protect Yourself from Data Leaks?
-
Use a different email and password for each digital account.
-
Enable two-step authentication (2FA) for important services like banking and email.
-
Avoid uploading personal documents to social media, even on temporary features like stories.
-
Don't blindly click on links from unknown sources.
-
Periodically check if your email or account has been compromised on sites like haveibeenpwned.com.
-
If you suspect that your data has been leaked, change your password right away, notify the relevant agencies, and block suspicious accounts.
-
Educate your family and neighborhood about the importance of maintaining the confidentiality of personal data.
Conclusion
In the digital age, personal data is more valuable than cash. Hackers don't need to break into a safe, just wait for an opening from your negligence or an unprotected system. Digital identity is an important asset, and protecting it should be a priority.
Always be vigilant, cautious and critical of any requests for personal data. Don't wait until you become a victim and then act.
Author: Ghea Devita
Marketing Communication, PT Perkom Indah Murni.
