PandaBuy pays ransom to hacker only to get extorted again
2024-06-06 15:18

Chinese shopping platform Pandabuy told BleepingComputer it previously paid a ransom demand to prevent stolen data from being leaked, only for the same threat actor to extort the company again this week.

On March 31, 2024, a threat actor using the alias 'Sanggiero' published 3 million rows of data stolen from PandaBuy on BreachForums, exposing customer names, phone numbers, email addresses, login IP addresses, home addresses, and order details.

The threat actor claimed they managed to steal that data by exploiting several critical vulnerabilities in the PandaBuy API. This data was shared with the data breach notification service Have I Been Pwned, which added 1.35 million email addresses from this incident to its system.

A Pandabuy spokesperson admitted to BleepingComputer that they had paid the hacker an undisclosed amount to stop the data leak, adding that the threat actor may have shared the data with others, so they would no longer cooperate with him.

"At present, we cannot continue to pay the hacker fees due to the frozen funds, and the data he leaked is the same as the last one. We have confirmed with the technical department that all the loopholes have been fixed at the time of the first leak incident. And for all we know, he secretly sold our data to other agents after he made the deal with us. We cannot cooperate with him in the future."

If you have not previously reset your password at Pandabuy, it is strongly advised that you do so now, in case additional data was stolen, as the threat actor claims.


News URL

https://www.bleepingcomputer.com/news/security/pandabuy-pays-ransom-to-hacker-only-to-get-extorted-again/