Ransom didn't help: hackers again sell data stolen from Pandabuy

Tomcat

Why did the cyber villains break their word and decide to cash in again on the popular e-commerce site?

Chinese e-commerce platform Pandabuy has once again been hit by cybercriminals. History has shown that paying a ransom to extortionists does not guarantee security. In this article, we will briefly recall the April incident and discuss the events of recent days.

In April of this year, a hacker under the pseudonym "Sanggiero" claimed to have hacked the Pandabuy platform and leaked data from more than 3 million customers. A member of the BreachForums forum reported that the data was stolen by exploiting several critical vulnerabilities in the platform and API. The cybercriminal claimed to have acted in concert with another hacker under the name "IntelBroker".


The stolen data at that time included:
  • UserId;
  • First and last names;
  • Phone numbers;
  • Email addresses;
  • IP addresses;
  • Home addresses;
  • Information about orders.

The founder of the Have I Been Pwned (HIBP) service, Troy Hunt, confirmed that out of the entire array of 3 million rows, only 1.3 million email addresses are valid. The rest are just duplicates. Hunt added these addresses to the HIBP database so that users could check whether they were affected by this incident.

Although representatives of the platform paid a ransom to the extortionists back in April, on June 3, 2024, the same "Sanggiero" again put the database stolen from Pandabuy up for sale, at a price of 40 thousand dollars. According to him, the new database contains more than 17 million rows of data, significantly more than the originally announced volume, allegedly because in April the hackers deliberately put up for sale only part of the stolen data.


Representatives of Pandabuy admitted that in April the company paid the hacker a certain amount of cash as ransom to prevent the leak of customer data. However, as practice has shown, the decision was reckless and extremely ineffective from the point of view of data security.

Due to the hacker's bad faith, as well as the possible dissemination of information among other cybercriminals, the company decided not to cooperate with Sanggiero anymore.

The platform tried to minimize the significance of the incident, saying that the data offered by Sanggiero in June coincided with the previously leaked data. However, given that the new database is much larger, this leak could deal a new blow to Pandabuy users.

Representatives of the platform stressed that all the vulnerabilities used for the data theft have already been eliminated. Pandabuy also believes that the hackers could have secretly sold the data to other cybercriminals immediately after the ransom was paid in April.

This situation once again highlights that cooperation with cybercriminals does not guarantee data security. Even after meeting the demands of cyber bandits, including paying a ransom, the victim company may be subjected to extortion and blackmail again after a while.
 