PandaBuy Falls Prey to Relentless Hacker Extortion After Paying Ransom
PandaBuy, a Chinese website selling discounted products, was extorted twice by ransomware hackers, even after paying the ransom. Learn about the risks of engaging with cybercriminals and the importance of securing your website from ransomware attacks.
Imagine shopping at your favorite online store and then discovering your personal data has been leaked – not once, but twice. That’s precisely what happened to users of Chinese shopping platform PandaBuy. The company had previously paid a ransom to prevent stolen data from being leaked, only for the same cybercriminal to come back for more this week.
PandaBuy is an online platform that serves as a middleman between customers and various Chinese e-commerce websites, such as Tmall, Taobao, and JD.com. These sites don’t ship internationally, but PandaBuy allows users to purchase products from them and have the items shipped to their location.
The First Data Leak
On March 31, 2024, a cybercriminal going by the alias ‘Sanggiero’ published 3 million rows of data stolen from PandaBuy on BreachForums. This exposed customer names, phone numbers, email addresses, login IP addresses, home addresses, and even order details. The hacker claimed to have stolen the data by exploiting critical vulnerabilities in the PandaBuy API.
This data was shared with the data breach notification service Have I Been Pwned (HIBP), which added 1.35 million email addresses from this incident to its system. At the time, PandaBuy chose not to make any public statements, and there were even reports of the company trying to censor customer discussions on Discord and Reddit.
A Second Extortion Attempt
On June 3, 2024, Sanggiero returned, offering to sell what he claimed was the entire database previously stolen from PandaBuy for a whopping $40,000. This database allegedly contains 17 million rows, far more than the 3 million rows published in March. However, Sanggiero didn’t provide samples as evidence of additional customer data. He did upload screenshots showing sensitive employee information such as emails and passwords.
A PandaBuy spokesperson admitted to us that they had paid the hacker an undisclosed amount to stop the data leak. They added that the cybercriminal may have shared the data with others, so they would no longer cooperate with him.
“At present, we cannot continue to pay the hacker fees due to the frozen funds, and the data he leaked is the same as the last one. We have confirmed with the technical department that all the loopholes have been fixed at the time of the first leak incident. And for all we know, he secretly sold our data to other agents after he made the deal with us. We cannot cooperate with him in the future.”
❖ PandaBuy
We tried reaching out to Sanggiero about the company’s statement but have not received a response at this time.
Protecting Yourself
For now, it’s better to err on the side of caution and be on the lookout for unsolicited messages that claim to come from PandaBuy. These could be phishing attempts to gather additional personal information. If you haven’t already reset your PandaBuy password, we strongly recommend doing so now, in case more data was stolen, as the hacker claims.