The Chinese e-commerce platform Pandabuy has once again fallen victim to cybercriminals, highlighting the risks of paying ransom to extortionists. This incident follows a previous breach in April, in which data of over 3 million customers was leaked.
Back in April, a hacker known as “Sanggiero” claimed to have hacked into the Pandabuy platform and accessed customer data through critical vulnerabilities in the platform and its API. CyberPress reported that Sanggiero collaborated with another hacker named “Intelbroker.”
The stolen data in April included user IDs, names, phone numbers, email addresses, IP addresses, home addresses, and information about orders. Troy Hunt, the founder of Have I Been Pwned (HIBP) service, confirmed that out of the 3 million lines of data, only 1.3 million email addresses were valid.
Despite Pandabuy paying the extortionists in April, Sanggiero put a database containing over 17 million lines of data up for sale on June 3, 2024, for $40,000. Pandabuy admitted to paying a ransom in April to prevent the data from being leaked, but this tactic proved ineffective in safeguarding customer data.
In response to the new extortion attempt, Pandabuy decided not to cooperate with Sanggiero due to the hacker’s dishonesty and the potential spread of information to other cybercriminals. The platform tried to downplay the incident by claiming that the data offered in June matched previously leaked data, but the larger volume still poses a threat to users.
Pandabuy assured users that all vulnerabilities used in the data breach have been patched. The company also suspects that hackers may have sold data to other cybercriminals shortly after receiving the ransom payment in April.
This incident serves as a stark reminder that engaging with cybercriminals does not guarantee data security. Even after meeting the demands of extortionists, companies remain at risk of being targeted again for further extortion and blackmail.