Massive Data Breach Hits 1.3 Million Users on PandaBuy Shopping Platform: Protect Your Information Now

PandaBuy, a Chinese online shopping platform, has suffered a data leak affecting 1.3 million users. The leak exposed personal information, including addresses and phone numbers, potentially leaving customers vulnerable to scams, phishing attacks, and identity theft.

Data breaches are nothing new, but they still manage to catch us off guard. Recently, the PandaBuy online shopping platform fell victim to a data leak, exposing the personal information of more than 1.3 million customers. The alleged culprits? Two threat actors who exploited multiple vulnerabilities to breach the platform’s systems.

PandaBuy is a popular shopping platform that allows international users to purchase products from various e-commerce platforms in China, including Tmall, Taobao, and JD.com. Unfortunately, its security measures weren’t robust enough to keep these cybercriminals at bay.

The Data Breach

Yesterday, a threat actor going by the name ‘Sanggiero’ claimed responsibility for the PandaBuy breach, stating that they had worked together with another threat actor called ‘IntelBroker.’ They said, “The data was stolen by exploiting several critical vulnerabilities in the platform’s API and other bugs were identified allowing access to the internal service of the website.”

As a result, they were able to access and leak a vast amount of user data, including names, phone numbers, email addresses, login IPs, order data, shipping addresses, and more. The actual number of affected accounts, according to data breach aggregation service Have I Been Pwned (HIBP), is 1,348,407.

Leaked Data for Sale

The cybercriminals didn’t waste any time putting this stolen information to use. They posted the details of PandaBuy shoppers on a forum, offering it to registered members in exchange for a symbolic payment in cryptocurrency. To entice unregistered members, they provided a small sample of the data, which included email addresses, customer names, order numbers, shipping addresses, transaction dates, and payment IDs.

Troy Hunt, the creator of HIBP, tested password reset requests using the leaked email addresses and confirmed that at least 1.3 million of them are valid and originate from PandaBuy. The rest, it seems, are fabricated or duplicate addresses used by the threat actors to inflate the “3 million” figure they initially claimed.

A Silent Response?

Interestingly, PandaBuy has not released any public statements about the data breach. Some reports suggest that the company is attempting to conceal the incident by censoring user posts on Discord and Reddit. A company representative with an administrator role on the Discord channel claimed that the leaked data was old and that the platform’s security team had already addressed the issue.

What You Can Do

If you have an account on PandaBuy, it’s crucial to take action. Reset your password immediately, and be on high alert for scam attempts. Treat unsolicited communications with suspicion, and remember that cybercriminals are always looking for opportunities to exploit our trust.

PandaBuy user data has been added to HIBP, so if you’re a subscriber to their service, you should have received an email informing you of the leak.

Stay Informed and Protected

As an IT Services provider, we understand that cybersecurity is an ongoing battle. That’s why we’re committed to keeping you informed and helping you stay protected. Don’t hesitate to contact us to learn more about how we can assist you in safeguarding your online presence. And remember to keep coming back for the latest updates in the ever-evolving world of cybersecurity.
