Incident

Shopping platform PandaBuy hit by data breach, exposes 1.3 million users



The PandaBuy online shopping platform has been hit by a major data breach affecting over 1.3 million customers. PandaBuy serves as a gateway for international customers to access products from major Chinese e-commerce platforms like Tmall, Taobao, and JD.com.

The incident is attributed to two threat actors, named 'Sanggiero' and 'IntelBroker,' who reportedly exploited multiple critical vulnerabilities within PandaBuy's API and other system flaws.

The attackers disclosed that they obtained a vast array of personal information, including over 3 million:

  • unique User IDs,
  • first and last names,
  • phone numbers,
  • email addresses,
  • login IPs,
  • order data,
  • order IDs,
  • home addresses,
  • ZIP codes,
  • countries.

The real number of compromised accounts, as verified by the data breach aggregation service Have I Been Pwned (HIBP), stands at 1,348,407; the figure is lower than the attackers' claim because the leaked data contains fictitious and duplicate entries.

The compromised data has been leaked on a hacking forum for a symbolic fee. Samples including email addresses, customer names, order numbers and details, shipping addresses, transaction dates and times, and payment IDs were provided for verification.

Despite the severity of the breach, PandaBuy has not formally acknowledged the incident. Reports indicate that the company may be attempting to suppress information about the breach on platforms such as Discord and Reddit. No details about the attack have been disclosed either.

A PandaBuy representative on Discord acknowledged a past security incident, claiming the leaked data was outdated and that the platform's security team had already addressed the issue. All PandaBuy users are urged to change their passwords immediately and to exercise caution against potential scam attempts.
