Dark Web News Analysis
A threat actor on a monitored hacker forum has claimed responsibility for hacking and leaking a database belonging to Gwdang.com, a Chinese online shopping platform. The leak contains approximately 666,000 user records.
Brinztech Analysis:
- The Target: Gwdang.com appears to be a niche e-commerce or shopping guide platform. In the Chinese digital ecosystem, even smaller platforms collect significant user data linked to real identities (due to real-name regulations).
- The Data: While specific fields were not detailed in the snippet, e-commerce leaks typically comprise:
  - Identity: Usernames (often Mobile Numbers), Passwords (hashed or plaintext).
  - Order History: Shipping addresses and purchase details.
  - Contact: Mobile Phone numbers are the primary identifier in China.
- The Intent: The actor claiming “responsibility for the hack” rather than just selling data suggests this might be a reputation-building exercise or a “proof of concept” intrusion, with the data dumped for free or low cost to gain credibility.
Key Cybersecurity Insights
This alleged data breach presents specific risks to Chinese consumers:
- “Fake Refund” Scams (Telecom Fraud): The most immediate danger in Chinese e-commerce breaches is the “Customer Service” scam.
  - Scenario: Attackers call the victim: “Hello, this is Gwdang Customer Support. Your recent order [Item Name] was lost/defective. We need to process a refund to your Alipay.” Because they know the exact item purchased, the victim trusts them and clicks a phishing link.
- Credential Stuffing: Chinese users often use the same password across platforms (e.g., Gwdang, Taobao, Weibo). Attackers will use automated tools to test these 666,000 credentials against high-value targets like Alipay or WeChat.
- Smishing (SMS Phishing): With mobile numbers exposed, users will receive SMS messages containing malicious links (e.g., “Package delivery failed, click here to update address”) that install malware on Android devices.
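For defenders running a login service that may see the credential stuffing described above, the following is an added example (not Brinztech's code) of detection logic over authentication logs: it flags a source that tries many distinct accounts in a short window with a high failure rate, and lists the accounts where a guess succeeded. The log line format, thresholds, IP addresses and mobile-number usernames are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> ip=<addr> user=<login> result=OK|FAIL"
LINE = re.compile(r"^(\S+) ip=(\S+) user=(\S+) result=(OK|FAIL)$")

def find_stuffing(lines, window=timedelta(minutes=5), min_users=10, min_fail=0.9):
    """Flag sources that try many distinct accounts in one window and mostly fail.
    Returns {ip: {"users": n, "fail_ratio": r, "hits": [accounts that logged in]}}."""
    by_ip = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if m:  # skip lines that do not match the assumed format
            ts, ip, user, res = m.groups()
            by_ip[ip].append((datetime.fromisoformat(ts), user, res == "OK"))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            chunk = events[start:end + 1]
            users = {u for _, u, _ in chunk}
            ratio = sum(not ok for _, _, ok in chunk) / len(chunk)
            if len(users) >= min_users and ratio >= min_fail:
                if len(users) > flagged.get(ip, {"users": 0})["users"]:
                    flagged[ip] = {"users": len(users), "fail_ratio": ratio}
    for ip, info in flagged.items():
        # Accounts where a guess worked: these need a forced reset first.
        info["hits"] = sorted({u for _, u, ok in by_ip[ip] if ok})
    return flagged

def sample_log():
    """Constructed log lines (documentation IP ranges, made-up numbers)."""
    t0, rows = datetime(2024, 1, 1, 10, 0, 0), []
    def add(sec, ip, user, res):
        rows.append(f"{(t0 + timedelta(seconds=sec)).isoformat()} ip={ip} user={user} result={res}")
    for i in range(12):  # one source, 12 accounts, one guess each, one success
        add(5 * i, "203.0.113.7", f"1380000{i:04d}", "OK" if i == 7 else "FAIL")
    for i, res in enumerate(["FAIL", "FAIL", "OK"]):  # a user mistyping a password
        add(20 * i, "198.51.100.20", "13900001111", res)
    for i in range(10):  # shared NAT: many accounts, all succeed
        add(3 * i, "198.51.100.30", f"1370000{i:04d}", "OK")
    return rows

if __name__ == "__main__":
    for ip, info in find_stuffing(sample_log()).items():
        print(ip, info)
```

The failure-ratio condition is what keeps a shared NAT address with many legitimate logins from being flagged; tune both thresholds against your own baseline traffic.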
Mitigation Strategies
In response to this breach, Gwdang.com and its users must act immediately:
- “National Anti-Fraud” App: Users should ensure they have the National Anti-Fraud Center (Guojia Fan Zha Zhongxin) app installed to filter scam calls originating from this leak.
- Force Password Reset: Gwdang administrators must invalidate all user passwords immediately.
- Customer Advisory: Post a prominent warning on the homepage: “Gwdang customer service will NEVER ask you to pay a fee to receive a refund. Do not trust callers claiming to be us.”
- Cross-Platform Hygiene: Users who used their Gwdang password on other sites should change it everywhere immediately.
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com