PandaBuy data breach affects 1.3 million individuals

Published:

spot_img

PandaBuy Data Breach: Hackers Expose 1.3 Million User Accounts

Malicious threat actors have claimed to have breached PandaBuy, a popular global shopping platform for products from China, exposing over three million rows of data on an illicit forum. Researchers have identified 1.3 million unique accounts in the leaked data.

The exposed PandaBuy database includes user IDs, full names, phone numbers, emails, home addresses, login IPs, order data, and more. The hackers responsible for the breach, known as Sanggiero and IntelBroker, have a history of significant breaches, including data stolen from General Electric, USCIS, US cellular carriers, and Facebook Marketplace.

The hackers stated that they exploited critical vulnerabilities in the platform’s API to access the internal service of the website. Cybersecurity researchers have confirmed the legitimacy of the data, with Troy Hunt from Have I Been Pwned noting the presence of Mailinator addresses in the breach.

Jason Kent, Hacker In Residence at Cequence Security, highlighted the reconnaissance options attackers have when targeting an organization, emphasizing the importance of maintaining database integrity. PandaBuy confirmed the breach on Discord, stating that it only affected some users and reassuring that orders, parcels, and payment information remain safe.

While PandaBuy offers a 10% freight subsidy code to affected users, security experts recommend changing login credentials. The company emphasized that the breach did not involve bank or transaction information. As the investigation continues, users are advised to stay vigilant and take necessary precautions to protect their accounts.

spot_img

Related articles

Recent articles

China-Linked Hackers Target SAP and SQL Server Vulnerabilities in Asia and Brazil

Rising Cyber Threats: The Impact of Earth Lamia on Businesses Worldwide In recent months, an alarming trend has emerged from the cyber landscape involving a...

Flock Chooses Not to Use Hacked Data for People Search Tool

Flock's New People Search Tool: Nova's Commitment to Data Integrity Introduction to Flock Nova In a recent company-wide meeting, Flock, a prominent surveillance technology firm, made...

DeepSeek Launches Enhanced R1 Model to Challenge OpenAI and Google

DeepSeek Unveils Updated R1 Reasoning AI Model DeepSeek has recently made headlines with the release of its updated R1 reasoning AI model, as announced through...

Dubai Real Estate Experts Reveal 3 Predictions Following Record $17 Billion Sales in April

Insights from Dubai's Real Estate Roundtable: A Path Forward As Dubai's property market continues to soar to new heights, an exclusive roundtable organized by Property...