Gandalf_The_Grey
Data belonging to more than 1.3 million customers of the PandaBuy online shopping platform has been leaked, allegedly after two threat actors exploited multiple vulnerabilities to breach systems.
PandaBuy allows international users to purchase products from various e-commerce platforms in China, including Tmall, Taobao, and JD.com.
Yesterday, a threat actor named 'Sanggiero' claimed a breach on PandaBuy, allegedly performed together with another threat actor called 'IntelBroker.'
"The data was stolen by exploiting several critical vulnerabilities in the platform's API and other bugs were identified allowing access to the internal service of the website," the threat actor said.
"The data contained 3M+ unique UserId, First Name, Last Name, Phone Numbers, Emails, Login IP, Orders_Data, Orders_Id, Home_address, Zip, Country, and so on."
PandaBuy has not made any statements about the data breach. According to some reports, the company is trying to conceal the incident by censoring user posts on Discord and Reddit.
A company representative with an administrator role on the Discord channel said that a security incident had occurred in the past and that the leaked data was old and that the platform's security team had responded to the issue promptly.
If you have an account on PandaBuy, it is strongly recommended to reset your password. Also, remain vigilant for scam attempts and treat unsolicited communications with suspicion.
PandaBuy user data has been added to HIBP and subscribers to the service should have received an email informing them of the leak.
Shopping platform PandaBuy data leak impacts 1.3 million users
www.bleepingcomputer.com