PandaBuy data breach exposes 1.3 million people

Malicious threat actors claim to have breached PandaBuy, a popular global shopping platform for products from China. The hackers posted more than three million rows of data on an illicit forum, with researchers identifying 1.3 million unique accounts.

The exposed PandaBuy database contains user IDs, full names, phone numbers, email addresses, home addresses, login IPs, order data, and other fields.

According to a post on BreachForums, two bad actors are responsible for the leak. They go by the monikers Sanggiero and IntelBroker, with IntelBroker being infamous for significant breaches, including stolen data from General Electric, the US Citizenship and Immigration Services (USCIS), US cellular carriers, and Facebook Marketplace.

“The data was stolen by exploiting several critical vulnerabilities in the platform's API and other bugs were identified allowing access to the internal service of the website,” the hackers posted.

Many cybersecurity researchers confirmed the data appears to be legitimate.

“Thanks to a combination of enumeration vector and the presence of Mailinator addresses, it's very clear the user data did indeed come from Pandabuy. Made-up email addresses are confirmed as non-existent, whilst addresses in the breach successfully get reset emails,” Troy Hunt, a security consultant who runs data-breach search website Have I Been Pwned, posted on X.
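Hunt's check works because PandaBuy's reset flow responds differently for registered and unregistered addresses. The following is an added example, not code from the article or from PandaBuy, contrasting a reset handler that leaks that distinction with one that answers uniformly; the account store and e-mail addresses are constructed.

```python
from dataclasses import dataclass

# Constructed sample account store; these addresses are made up for the example.
KNOWN_ACCOUNTS = {"alice@example.com", "bob@example.com"}


@dataclass
class ResetResult:
    status: int        # HTTP status the caller would see
    body: str          # response text the caller would see
    email_sent: bool   # server-side effect, invisible to the caller


def reset_leaky(email: str, accounts=KNOWN_ACCOUNTS) -> ResetResult:
    """Weak variant: status and body depend on whether the address exists, so
    anyone holding a leaked list can confirm which entries are real accounts."""
    if email.lower() not in accounts:
        return ResetResult(404, "No account found for that e-mail address.", False)
    return ResetResult(200, "A reset link has been sent to your e-mail.", True)


def reset_uniform(email: str, accounts=KNOWN_ACCOUNTS) -> ResetResult:
    """Hardened variant: identical status and body either way; the mail is only
    actually dispatched for registered accounts. In a real service the send
    should also be queued asynchronously so response timing stays uniform."""
    registered = email.lower() in accounts
    return ResetResult(
        200,
        "If that e-mail address is registered, a reset link has been sent.",
        registered,
    )


def leaks_existence(handler, accounts=KNOWN_ACCOUNTS) -> bool:
    """Defender self-check for a reset handler: compare the visible response for
    one registered and one made-up address; True means the endpoint leaks."""
    real = handler("alice@example.com", accounts)
    fake = handler("nobody-1234@example.com", accounts)
    return (real.status, real.body) != (fake.status, fake.body)
```

The same self-check applies to registration and login error messages, which commonly leak account existence the same way.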

The breach was also confirmed by researchers from vx-underground, who noted that “Breach patrons are relatively excited.”

“As news of the PandaBuy breach started to get out, it was evident that they had been breached in a big way. One of the most telling things is that they were able to get order IDs for each order,” Jason Kent, Hacker In Residence at Cequence Security, said.

He explained that attackers have many reconnaissance options when targeting an organization, such as analyzing its subdomains or inspecting the deployed software through reverse proxy tools to see what data is being transferred.

“In this case, it seems like they were able to get the whole thing because it arrived with duplicated data. Indicating not only is it possible to pull the whole thing but also the database needs some maintenance. In a semi-standard denial fashion, PandaBuy says the data breach is old and that no one was impacted, but simply having a list of good emails from a database is gold in the hands of the trained attacker. Having more and more information is even worse from a context point of view,” Kent said.

PandaBuy posted confirmation on Discord saying that the data breach “affected some users”.

“After checking, this incident was caused by a hacker organization using illegal technology to break through the platform's information security and try to enter into the platform's information system and make it public after illegally stealing some user information. After comparing the data, this information doesn't involve your bank/ transaction and other personal information,” a repost on X says.

The company assured users that orders, parcels, and payment information will not be affected and that accounts are safe, while also offering a 10% freight subsidy code. However, security experts suggest at least changing the login credentials used on the platform.
