Indonesian Political, Business & Finance News

Password Theft in Indonesia Surges: Tactics and Solutions

| Source: CNBC Translated from Indonesian | Technology
Password Theft in Indonesia Surges: Tactics and Solutions
Image: CNBC

Jakarta, CNBC Indonesia – Cyberattacks using password theft or ‘password stealer’ malware are escalating across Southeast Asia, including Indonesia. Cybersecurity firm Kaspersky recorded over 200,000 password-stealing attacks targeting Indonesian companies in 2025, with its business solutions detecting and blocking over one million such attacks in the region this year.

Indonesia alone logged 234,615 attacks in 2025, a 7% increase from 219,195 in 2024. The Philippines saw the highest surge at 41%, followed by Malaysia (33%), Singapore (25%), and Vietnam (21%), while Thailand experienced a 21% decline.

Password stealer malware is specifically designed to steal passwords and user account information, extracting sensitive data stored in browsers, cache files, cookies, and even crypto asset wallets. Stolen data is then exploited by cybercriminals for various malicious activities, including financial theft, identity theft, extortion, and launching further attacks using compromised accounts.

Kaspersky’s Asia Pacific Managing Director, Adrian Hia, stated that password stealers remain one of cybercriminals’ most effective tools as they target the front door of businesses – user credentials. He noted that Kaspersky’s analysis of 193 million leaked passwords found 45% could be cracked in under a minute, while only 23% were strong enough to withstand hacking attempts for over a year.

‘Password stealers continue to be among the most effective weapons in cybercriminals’ arsenals due to their focus on the front door of every company – user credentials,’ Hia told CNBC Indonesia on Tuesday (19 May 2026).

To mitigate risks, Kaspersky advises companies to adopt password managers for generating and securely storing random, strong passwords. It also recommends implementing multi-factor authentication (MFA), regular credential audits, and user access restrictions. Individuals are urged to use unique passwords for each service to prevent breaches from spreading across accounts, avoid easily guessable passwords like birthdates or pet names, and enable two-factor authentication (2FA) for added security.

View JSON | Print