
Babuk ransomware, a threat actor targeting big enterprises, claims to have stolen data from Taobao, an Alibaba Group-owned online shopping platform and the eighth most-visited website in China. Taobao says the leak is not from their platforms.
Babuk ransomware is selling stolen information about 600 million clients and over 8 billion orders. The threat actor posted unverified claims on its leak site on the dark web.
The data is split into two archives totaling over two terabytes. The 600GB tar.gz and 1.8TB CSV archives allegedly contain private users' information such as platform, ID, phone, name, address, shopping details, price, and date. Babuk is looking for potential buyers.
It’s not clear how valid these claims are. The decimal number formatting for the provided figures is incorrect, and the post itself is written in broken English.
“hello world today we sell taobao company information in china and all information stolen about 815 million,” the post reads.
Cybernews has reached out to Taobao and Alibaba Group for clarification and will include their responses.
“Data privacy and security are of utmost importance to Taobao. Our internal investigation results indicate the alleged leak was not from our platforms,” a Taobao spokesperson told Cybernews.com.

Taobao is a Chinese online marketplace. According to Similarweb, it is the eighth most-visited website in China and the 123rd most-visited website globally, attracting 172 million visitors monthly. The Taobao platform is tailored to small businesses and consumer-to-consumer retail.
Taobao has had serious cybersecurity incidents in the past. Cybernews reported on millions of Alibaba-owned marketplace users exposed last year. Back in 2020, over a billion of the platform’s users had their details illegally scraped by a marketing consultant.
First identified at the beginning of 2020, Babuk has targeted a wide range of industries. It operates as a ransomware-as-a-service and employs a “Big Game Hunting” approach. According to SentinelOne, Babuk ransomware is associated with Evil Corp, a cybercrime operations cluster originating from Russia.
Updated on March 18th [10:40 a.m. GMT] with a statement from Taobao.