Security News Shopping platform PandaBuy data leak impacts 1.3 million users

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,685
Data belonging to more than 1.3 million customers of the PandaBuy online shopping platform has been leaked, allegedly after two threat actors exploited multiple vulnerabilities to breach systems.

PandaBuy allows international users to purchase products from various e-commerce platforms in China, including Tmall, Taobao, and JD.com.

Yesterday, a threat actor named 'Sanggiero' claimed a breach on PandaBuy, allegedly performed together with another threat actor called 'IntelBoker.'

"The data was stolen by exploiting several critical vulnerabilities in the platform's API and other bugs were identified allowing access to the internal service of the website," the threat actor said.

"The data contained 3M+ unique UserId, First Name, Last Name, Phone Numbers, Emails, Login IP, Orders_Data, Orders_Id, Home_address, Zip, Country, and so on."
PandaBuy has not made any statements about the data breach. According to some reports, the company is trying to conceal the incident by censoring user posts on Discord and Reddit.

A company representative with an administrator role on the Discord channel said that a security incident had occurred in the past and that the leaked data was old and that the platform's security team had responded to the issue promptly.

If you have an account on PandaBuy, it is strongly recommended to reset your password. Also, remain vigilant for scam attempts and treat unsolicited communications with suspicion.

PandaBuy user data has been added to HIBP and subscribers to the service should have received an email informing them of the leak.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top