Article Details
Scrape Timestamp (UTC): 2024-04-01 15:05:34.446
Original Article Text
Shopping platform PandaBuy data leak impacts 1.3 million users

Data belonging to more than 1.3 million customers of the PandaBuy online shopping platform has been leaked, allegedly after two threat actors exploited multiple vulnerabilities to breach systems. PandaBuy allows international users to purchase products from various e-commerce platforms in China, including Tmall, Taobao, and JD.com.

Yesterday, a threat actor named 'Sanggiero' claimed a breach on PandaBuy, allegedly performed together with another threat actor called 'IntelBroker.'

"The data was stolen by exploiting several critical vulnerabilities in the platform's API and other bugs were identified allowing access to the internal service of the website," the threat actor said. "The data contained 3M+ unique UserId, First Name, Last Name, Phone Numbers, Emails, Login IP, Orders_Data, Orders_Id, Home_address, Zip, Country, and so on."

According to data breach aggregation service Have I Been Pwned (HIBP), 1,348,407 PandaBuy accounts have been exposed in the breach.

The details of PandaBuy shoppers were leaked on a forum and can be obtained by any registered member in exchange for a symbolic payment in cryptocurrency. To prove to unregistered members that the information is valid, the threat actor provides a small sample containing email addresses, customer names, order numbers and details, shipping addresses, transaction dates and times, and payment IDs.

Troy Hunt, the creator of HIBP, tested password reset requests using the leaked addresses and confirmed that at least 1.3 million email addresses are valid and come from PandaBuy. The rest are made-up and duplicate addresses, so the "3 million" figure was inflated by the threat actors.

PandaBuy has not made any statements about the data breach. According to some reports, the company is trying to conceal the incident by censoring user posts on Discord and Reddit. A company representative with an administrator role on the Discord channel said that a security incident had occurred in the past, that the leaked data was old, and that the platform's security team had responded to the issue promptly.

If you have an account on PandaBuy, it is strongly recommended to reset your password. Also, remain vigilant for scam attempts and treat unsolicited communications with suspicion.

PandaBuy user data has been added to HIBP, and subscribers to the service should have received an email informing them of the leak.

Daily Brief Summary
Over 1.3 million PandaBuy customers' data has been leaked after a breach by two threat actors exploiting multiple vulnerabilities.
PandaBuy, a platform for international shopping from Chinese e-commerce platforms, has suffered a significant compromise of user data.
Threat actors 'Sanggiero' and 'IntelBroker' claimed credit for the breach, saying they exploited critical vulnerabilities in the platform's API to gain access.
The leaked data includes user IDs, names, contact details, order information, and addresses, and is available to registered members of a forum in exchange for a symbolic cryptocurrency payment.
Have I Been Pwned has confirmed the exposure of 1,348,407 accounts; the 3 million figure claimed by the threat actors was inflated by made-up and duplicate addresses.
There has been no official statement from PandaBuy, and there are allegations of the company attempting to censor discussions about the breach on social media platforms.
PandaBuy account holders are advised to reset their passwords and remain alert for scams resulting from the breach.
The affected users' data has been added to Have I Been Pwned for notification purposes.