Indonesia based Tokopedia, an e-commerce marketplace that had announced a $1.5 billion funding round from Softbank, Alibaba, Temasek back in January 2020, has introduced Dhanapala, a standalone or independent peer to peer (P2P) Fintech lending platform. The Dhanapala app is currently available for download to Android users, however, the company has not made an official announcement regarding the launch.
Dhanapala’s service has been introduced at a time when Tokopedia and the Indonesian government are in the process of investigating a data leak that compromised the personal data of millions of the company’s customers. The leaked data reportedly includes the names, birth dates, gender, email addresses, and phone numbers of Tokopedia users.
The leak was discovered when the personal information of about 15 million Tokopedia customers was posted online in May 2020. The hacking group, which goes by the name Whysodank, reportedly sold the customer data for $5,000 through a dark web marketplace.
Dhanapala’s services might not be safe to use considering that Tokopedia’s infrastructure may not be secure. It’s unclear why this new service has been introduced when there’s an ongoing investigation into how the Tokopedia platform was targeted.
William Tanuwikaya, CEO at Tokopedia, had confirmed that the company was working with investigators which includes government agencies such as Indonesia’s Ministry of Communication and Information Technology and the National Cyber and Crypto Agency (BSSN).
Tokopedia has been sued by the consumer association in Indonesia. The first court hearing took place in June 2020. In July, three Tokopedia workers provided testimony for the case.
Teguh Aprianto, a cybersecurity consultant and founder of Ethical Hacker Indonesia, told KrAsia:
“The purpose of the investigation is to find out who the perpetrators are and how they entered the company’s system. I think users and the public have the right to question the clarity of the investigation that has been going on for about four months because it involves their data,”
Aprianto added that the investigation seems to be taking longer to complete than it should. He claims that Tokopedia has been cooperating with Indonesia’s IT ministry and BSSN (National Cyber and Crypto Agency or the Badan Siber dan Sandi Negara).
Aprianto further noted:
“Look at Twitter, for example. The FBI arrested the hackers behind Twitter’s security breach within a month. I believe Tokopedia has the same abilities [to identify the parties involved in the breach], especially since it is assisted by large institutions.”
Dhanapala’s P2P lending platform has been approved and licensed by the nation’s Financial Services Authority or Otoritas Jasa Keuangan (OJK). It received a permit back in August 2019, which is nine months before Whysodank leaked the personal data of Tokopedia’s customers online.
Nuraini Razak, VP of corporate communications at Tokopedia, told KrAsia:
“Dhanapala … provides micro, small, and medium enterprises (MSMEs) with access to financial services, especially working capital, to develop their businesses and increase financial inclusion in Indonesia.”