JD.com Data Breach: Babuk Ransomware Cartel Claims Massive Data Theft

JD.com, a major Chinese retailer, faces a massive data breach after the Babuk ransomware cartel claims to have stolen customer passwords and other sensitive information. The incident highlights the urgent need for robust cybersecurity measures.

    JD.com, China’s e-commerce giant, has reportedly been targeted by the Babuk ransomware cartel. Hackers claim to have stolen over 11GB of data, including sensitive customer information.

    The attackers announced their claim on a dark web forum, specifying that the stolen data includes customer names, usernames, passwords, email addresses, QQ numbers, and ID cards. This extensive data breach poses significant risks to affected individuals, exposing them to account takeovers and identity theft.

    Babuk ransomware hackers claim JD.com on the dark web.

    Source: Cybernews.com

    The theft of QQ numbers is particularly concerning, given their crucial role in China’s e-commerce ecosystem. This incident is a stark reminder of the consequences of inadequate cybersecurity measures.

    The Scope of the JD.com Data Breach

    The leaked data, if confirmed, presents several immediate and long-term risks. Attackers can use stolen credentials to access user accounts across various platforms.

    The inclusion of ID cards allows for identity theft, potentially leading to fraudulent activities like opening bank accounts or obtaining services under stolen identities. The compromise of QQ numbers is especially dangerous due to their integration with Chinese payment systems and social networks.

    Furthermore, the reuse of passwords across multiple accounts is a common practice, increasing the risk of further breaches. This is a significant concern for businesses, as it can lead to cascading effects, impacting not only individuals but also the enterprise’s reputation and financial stability.

    This attack echoes similar large-scale data breaches, such as the recent one uncovering 1.5 billion records, including over 142 million potentially linked to JD.com.

    Babuk Ransomware Behind the JD.com Cyberattack

    The Babuk ransomware group, known for its aggressive tactics, is responsible for this attack. They use leak sites to pressure victims into paying ransoms, threatening to publicly release stolen data if demands are not met.

    Babuk’s history is linked to the Russia-based Evil Corp, a notorious cybercriminal organization. The UK’s National Crime Agency has imposed financial sanctions on several Evil Corp members.

    While Babuk was inactive for a period, it recently resurfaced, targeting numerous organizations, including over 30 in March 2025 alone. This highlights the persistent threat posed by sophisticated ransomware groups.
