PandaBuy Data Breach: Hackers Expose 1.3 Million User Accounts

Malicious threat actors have claimed to have breached PandaBuy, a popular global shopping platform for products from China, exposing over three million rows of data on an illicit forum. Researchers have identified 1.3 million unique accounts in the leaked data.

The exposed PandaBuy database includes user IDs, full names, phone numbers, emails, home addresses, login IPs, order data, and more. The hackers responsible for the breach, known as Sanggiero and IntelBroker, have a history of significant breaches, including data stolen from General Electric, USCIS, US cellular carriers, and Facebook Marketplace.

The hackers stated that they exploited critical vulnerabilities in the platform’s API to access the internal service of the website. Cybersecurity researchers have confirmed the legitimacy of the data, with Troy Hunt from Have I Been Pwned noting the presence of Mailinator addresses in the breach.

Jason Kent, Hacker In Residence at Cequence Security, highlighted the reconnaissance options attackers have when targeting an organization, emphasizing the importance of maintaining database integrity. PandaBuy confirmed the breach on Discord, stating that it only affected some users and reassuring that orders, parcels, and payment information remain safe.

While PandaBuy offers a 10% freight subsidy code to affected users, security experts recommend changing login credentials. The company emphasized that the breach did not involve bank or transaction information. As the investigation continues, users are advised to stay vigilant and take necessary precautions to protect their accounts.