PandaBuy data breach affects 1.3 million individuals

Published:

spot_img

PandaBuy Data Breach: Hackers Expose 1.3 Million User Accounts

Malicious threat actors have claimed to have breached PandaBuy, a popular global shopping platform for products from China, exposing over three million rows of data on an illicit forum. Researchers have identified 1.3 million unique accounts in the leaked data.

The exposed PandaBuy database includes user IDs, full names, phone numbers, emails, home addresses, login IPs, order data, and more. The hackers responsible for the breach, known as Sanggiero and IntelBroker, have a history of significant breaches, including data stolen from General Electric, USCIS, US cellular carriers, and Facebook Marketplace.

The hackers stated that they exploited critical vulnerabilities in the platform’s API to access the internal service of the website. Cybersecurity researchers have confirmed the legitimacy of the data, with Troy Hunt from Have I Been Pwned noting the presence of Mailinator addresses in the breach.

Jason Kent, Hacker In Residence at Cequence Security, highlighted the reconnaissance options attackers have when targeting an organization, emphasizing the importance of maintaining database integrity. PandaBuy confirmed the breach on Discord, stating that it only affected some users and reassuring that orders, parcels, and payment information remain safe.

While PandaBuy offers a 10% freight subsidy code to affected users, security experts recommend changing login credentials. The company emphasized that the breach did not involve bank or transaction information. As the investigation continues, users are advised to stay vigilant and take necessary precautions to protect their accounts.

spot_img

Related articles

Recent articles

In Other News: Canadian Hacker Jailed, 14 Million Affected by KDDI Data Breach, Two Sentenced for ATM Jackpotting

In Other News: Canadian Hacker Jailed, 14 Million Affected by KDDI Data Breach, Two Sentenced for ATM Jackpotting In recent cybersecurity developments, significant incidents have...

In Kinshasa, President Tshisekedi Accelerates Ebola Response as President Ramaphosa Promotes African Solidarity

In Kinshasa, President Tshisekedi Accelerates Ebola Response as President Ramaphosa Promotes African Solidarity In a significant move to combat the ongoing Ebola outbreak, President Félix...

North Korea-Linked npm Packages Masquerade as Rollup Polyfills to Exfiltrate Developer Secrets

North Korea-Linked npm Packages Masquerade as Rollup Polyfills to Exfiltrate Developer Secrets Recent cybersecurity developments have revealed a new wave of malicious npm packages linked...

UK’s National Cyber Action Plan Delayed Amid Labour Leadership Crisis

UK's National Cyber Action Plan Delayed Amid Labour Leadership Crisis Britain's National Cyber Action Plan, a crucial initiative aimed at bolstering the economy against state-sponsored...