Pandabuy

Last updated
Pandabuy
IndustryCross-border e-commerce
Headquarters
Hangzhou
,
China
Products
Services
Number of employees
2,200+
Website www.pandabuy.com

Pandabuy was a Chinese e-commerce shipping agency website that ships manufactured products from China to the outside world. They are primarily known for shipping counterfeit consumer goods of designer clothing brands as well as expensive shoes made by companies such as Nike.

Contents

Pandabuy allowed for non-Chinese users to shop from major Chinese e-commerce websites, such as Tmall, Taobao, and JD.com, [1] serving as a 'middleman' shipping service. [2] Customers and online influencers would often post and promote counterfeit and replica products, known as "reps", that they purchased on Pandabuy, showing them off in "hauls" on social media platforms such as TikTok, [3] along with Discord and Reddit. [4]

History

In early 2024, Pandabuy suffered a data breach; on March 31, 2024, over 1.3 million customers had their personal information leaked on black hat-hacking forum BreachForums by hackers Sanggiero and IntelBroker. [5] According to Have I Been Pwned?, the breach affected 1,348,407 accounts on the platform. [6] [7] Pandabuy later confirmed the breach. [2] According to Bleeping Computer , a spokesperson for Pandabuy said that the company paid an unspecified amount of money to the attacker to prevent the breach from being leaked. On June 3, 2024, the individual responsible for the first data breach offered to sell even more alleged leaked data for $40,000. [5]

2024 raids

In April 2024, 16 brands took legal action against Pandabuy, alleging its involvement in the counterfeit business. Chinese authorities additionally raided their headquarters in Hangzhou as well as their various warehouses, seizing products and launching further investigations on sellers associated with the platform. [8] [9] According to reports, over 200 authorities in public security, along with local authorities were involved in the raids, with the help from 50 private sector investigators. Authorities seized millions of parcels, containing hundreds of thousands of counterfeit sneakers sold under brand names. The World Trademark Review reported that investigations began in November 2023 by the City of London Police with the help of multiple intellectual property organizations as part of Operation Ashiko. According to Cantoop, a Chinese intellectual property firm, Pandabuy operated out of five Chinese cities with "nearly 20 football stadiums' worth" of warehouses, while employing over 2,200 workers. [10]

Related Research Articles

<span class="mw-page-title-main">Hacktivism</span> Computer-based activities as a means of protest

Internet activism, hacktivism, or hactivism, is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change. With roots in hacker culture and hacker ethics, its ends are often related to free speech, human rights, or freedom of information movements.

<span class="mw-page-title-main">Timeline of Internet conflicts</span>

The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.

<span class="mw-page-title-main">UC Browser</span> Chinese web browser developed by UCWeb Inc

UC Browser is a web browser developed by mobile internet company UCWeb, a subsidiary of the Alibaba Group. It was the most popular mobile browser in India, Indonesia, and Mali, as well as the second-most popular one in China as of 2017. Its world-wide browser share as of May 2022 is 0.86% overall according to StatCounter.

Cyberwarfare by China is the aggregate of cyberattacks attributed to the organs of the People's Republic of China and various related advanced persistent threat (APT) groups.

On August 31, 2014, a collection of nearly five hundred private pictures of various celebrities, mostly women, with many containing nudity, were posted on the imageboard 4chan, and swiftly disseminated by other users on websites and social networks such as Imgur and Reddit. The leak was dubbed "The Fappening" or "Celebgate" by the public. The images were initially believed to have been obtained via a breach of Apple's cloud services suite iCloud, or a security issue in the iCloud API which allowed them to make unlimited attempts at guessing victims' passwords. Apple claimed in a press release that access was gained via spear phishing attacks.

PT Tokopedia is an Indonesian e-commerce company. Tokopedia is a subsidiary of a new holding company called GoTo, following a merger with Gojek on 17 May 2021. It is one of the most visited e-commerce platforms in Indonesia.

<span class="mw-page-title-main">Vault 7</span> CIA files on cyber war and surveillance

Vault 7 is a series of documents that WikiLeaks began to publish on 7 March 2017, detailing the activities and capabilities of the United States Central Intelligence Agency (CIA) to perform electronic surveillance and cyber warfare. The files, dating from 2013 to 2016, include details on the agency's software capabilities, such as the ability to compromise cars, smart TVs, web browsers including Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera, the operating systems of most smartphones including Apple's iOS and Google's Android, and computer operating systems including Microsoft Windows, macOS, and Linux. A CIA internal audit identified 91 malware tools out of more than 500 tools in use in 2016 being compromised by the release. The tools were developed by the Operations Support Branch of the CIA.

<span class="mw-page-title-main">TikTok</span> Video-focused social media platform

TikTok, whose mainland Chinese and Hong Kong counterpart is Douyin, is a short-form video hosting service owned by Chinese internet company ByteDance. It hosts user-submitted videos, which can range in duration from three seconds to 60 minutes. It can be accessed with a smart phone app or the web.

Charming Kitten, also called APT35, Phosphorus or Mint Sandstorm, Ajax Security, and NewsBeef, is an Iranian government cyberwarfare group, described by several companies and government officials as an advanced persistent threat.

<span class="mw-page-title-main">Censorship of TikTok</span> Restriction of access to TikTok by governments and organizations

Many countries have imposed past or ongoing restrictions on the video sharing social network TikTok. Bans from government devices usually stem from national security concerns over potential access of data by the Chinese government. Other bans have cited children's well-being and offensive content such as pornography.

Data breach incidences in India were the second highest globally in 2018, according to a report by digital security firm Gemalto. With over 690 million internet subscribers and growing, India has increasingly seen a rise in data breaches both in the private and public sector. This is a list of some of the biggest data breaches in the country.

ShinyHunters is a black-hat criminal hacker group that is believed to have formed in 2020 and is said to have been involved in numerous data breaches. The stolen information is often sold on the dark web.

There are reports of TikTok censoring political content related to China and other countries as well as content from minority creators. TikTok says that its initial content moderation policies, many of which are no longer applicable, were aimed at reducing divisiveness and were not politically motivated.

In 2020, the United States government announced that it was considering banning the Chinese social media platform TikTok upon a request from then-president Donald Trump, who viewed the app as a national security threat. The result was that TikTok owner ByteDance—which initially planned on selling a small portion of TikTok to an American company—agreed to divest TikTok to prevent a ban in the United States and in other countries where restrictions are also being considered due to privacy concerns, which themselves are mostly related to its ownership by a firm based in China.

<span class="mw-page-title-main">Censorship of Telegram</span>

The Telegram Messenger application has been blocked by multiple countries.

Lapsus$, stylised as LAPSUS$ and classified by Microsoft as Strawberry Tempest, is an international extortion-focused hacker group known for its various cyberattacks against companies and government agencies. The group was active in several countries, and has had its members arrested in Brazil and the UK in 2022. According to City of London Police at least two of the members were teenagers.

<span class="mw-page-title-main">IntelBroker</span> Black-hat Hacker

IntelBroker is a Serbian black hat hacker active since October 2022, who has committed several high-profile cyber attacks. Their targets have included Europol, Pandabuy, and Apple, with over 80 sales and leaks of compromised data having been traced to them. They claim to be currently residing in Russia for security reasons.

References

  1. Khaitan, Ashish (April 2, 2024). "PandaBuy Leak List: 1.3M Users' Info Exposed In Cyberattack". The Cyber Express. Retrieved June 12, 2024.
  2. 1 2 Jones, Connor (April 2, 2024). "Pandabuy admits to data breach of 1.3 million unique records". The Register . Retrieved June 13, 2024.
  3. Takanashi, Lei (February 20, 2024). "The Worst TikTok Fashion Trends: Opiumcore, Flexing Pandabuy Fakes, and More". Complex . Retrieved June 13, 2024.
  4. Matsakis, Louise (March 10, 2024). "The Influencers Getting Paid to Promote Designer Knockoffs From China". Wired . Retrieved June 13, 2024.
  5. 1 2 Toulas, Bill (June 6, 2024). "PandaBuy pays ransom to hacker only to get extorted again". Bleeping Computer . Retrieved June 13, 2024.
  6. Fadilpašić, Sead (April 2, 2024). "Chinese ecommerce giant PandaBuy hit by cyberattack, data breach". TechRadar . Retrieved June 13, 2024.
  7. Toulas, Bill (April 1, 2024). "Shopping platform PandaBuy data leak impacts 1.3 million users". Bleeping Computer . Retrieved June 13, 2024.
  8. Neerman, Pauline (April 19, 2024). "Counterfeiting platform PandaBuy partially shut down by police raid". RetailDetail EU. Retrieved June 13, 2024.
  9. Quilty-Harper, Conrad (April 23, 2024). "China's Fake-Fashion Retailers Jolted by Pandabuy Raid". Bloomberg News . Retrieved June 13, 2024.
  10. Davidson, Helen (April 26, 2024). "Pandabuy: police raid '20 football stadiums' worth of alleged fake goods warehouses". The Guardian . Retrieved June 13, 2024.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.