Customers of “China’s Amazon” had their passwords stolen, hackers say


Jingdong, China’s largest retailer, has allegedly been targeted by a ransomware cartel. The hackers claim they’ve stolen copious amounts of company data, including customer passwords.

The Chinese retailer, also known as JD.com, appeared on Babuk ransomware’s dark web forum on Sunday. The attackers say they’ve stolen over 11GB of the company’s data.

Jingdong is sometimes compared to Amazon. The company is a top-tier e-commerce platform in China, with revenue exceeding $150 billion in 2023 and over 620,000 staff.

It has a large presence in retail, logistics, tech, health and industrial sectors in China. The company is on par with other Chinese internet companies, such as Alibaba and Tencent.

We have reached out to the company for comment and will update the story once we receive a reply.

Hacker claims on the dark web. Image by Cybernews.com

JD.com wasn't the only high-value target Babuk claims to have breached in recent days. The gang supposedly penetrated Temu's sister company Pinduoduo, taking data on nearly 700 million people. However, Pinduoduo denied such claims, calling the dataset “fabricated.”

Another behemoth on Babuk's list of recent victims is Alibaba Group-owned online shopping platform Taobao. Cybercrooks also claim they have taken data from major telecom Orange.

What Jingdong data did the hackers steal?

The attack against JD.com was announced via a post on a dark web leak site, with attackers claiming they got their hands on:

  • Customer names
  • Usernames
  • Passwords
  • Email addresses
  • QQ numbers
  • ID cards

If confirmed, the leak would pose severe risks to impacted individuals. Most obviously, attackers could use this type of data to take over user accounts. However, the additional data points could also enable identity theft, as the allegedly leaked details give attackers a comprehensive portrait of each user.

With leaked ID numbers, attackers can try setting up fraudulent bank accounts or applying for other identity-specific services.

Another severe risk comes from the supposedly leaked QQ numbers. These come from Tencent QQ, an essential Chinese all-in-one app. QQ numbers are an integral part of China’s e-commerce ecosystem, tied to payment systems and social networks.

Apart from immediate risks, some long-term effects of such attacks remain for years to come. For one, users often reuse passwords, so attackers could exploit one data leak to target victims’ other accounts.

Earlier this year, the Cybernews research team uncovered a colossal data leak of 1.5 billion records, exposing full names and government ID numbers. Over 142 million records in the leaked data were attributed to JD.com.

Who’s behind the JD.com attack?

Jingdong’s data was posted on Babuk ransomware’s leak site, which the group uses to showcase and threaten its victims. Ransomware cartels often employ this tactic to scare victims into succumbing to ransom demands, threatening to leak the supposedly stolen data.

Babuk ransomware initially appeared in 2020, with researchers linking the group with Russia-linked cybercriminal organization Evil Corp as well as ransomware behemoths Ryuk and Sodinokibi. Last year, the UK's National Crime Agency slapped a dozen of Evil Corp’s members with financial sanctions.

However, Babuk was inactive for nearly a year, resurfacing in January 2025 with 60 new victims. According to Ransomlooker, Cybernews’ ransomware monitoring tool, the gang has victimized over 30 organizations in March this year alone.
