Security News Shopping platform PandaBuy data leak impacts 1.3 million users

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,612
Content source
https://www.bleepingcomputer.com/news/security/shopping-platform-pandabuy-data-leak-impacts-13-million-users/
Data belonging to more than 1.3 million customers of the PandaBuy online shopping platform has been leaked, allegedly after two threat actors exploited multiple vulnerabilities to breach systems.

PandaBuy allows international users to purchase products from various e-commerce platforms in China, including Tmall, Taobao, and JD.com.

Yesterday, a threat actor named 'Sanggiero' claimed a breach on PandaBuy, allegedly performed together with another threat actor called 'IntelBoker.'

"The data was stolen by exploiting several critical vulnerabilities in the platform's API and other bugs were identified allowing access to the internal service of the website," the threat actor said.

"The data contained 3M+ unique UserId, First Name, Last Name, Phone Numbers, Emails, Login IP, Orders_Data, Orders_Id, Home_address, Zip, Country, and so on."
Click to expand...
PandaBuy has not made any statements about the data breach. According to some reports, the company is trying to conceal the incident by censoring user posts on Discord and Reddit.

A company representative with an administrator role on the Discord channel said that a security incident had occurred in the past and that the leaked data was old and that the platform's security team had responded to the issue promptly.

If you have an account on PandaBuy, it is strongly recommended to reset your password. Also, remain vigilant for scam attempts and treat unsolicited communications with suspicion.

PandaBuy user data has been added to HIBP and subscribers to the service should have received an email informing them of the leak.
Click to expand...
www.bleepingcomputer.com

Shopping platform PandaBuy data leak impacts 1.3 million users

Data belonging to more than 1.3 million customers of the PandaBuy online shopping platform has been leaked, allegedly after two threat actors exploited multiple vulnerabilities to breach systems.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
  • Wow
Reactions: Nikos751, Jonny Quest, Trident and 1 other person

Similar threads

vtqhtr413
    • Wow
    • +Reputation
    • Like
Security News AT&T says leaked data of 70m people is not from its systems
Replies
3
Views
1,724
Security News
vtqhtr413
vtqhtr413
vtqhtr413
    • Wow
    • +Reputation
    • Like
Security News French unemployment agency data breach impacts 43 million
Replies
3
Views
1,019
Security News
Bot
Bot
Gandalf_The_Grey
    • Like
    • Wow
Security News INC Ransom threatens to leak 3TB of NHS Scotland stolen data
Replies
0
Views
1,013
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top