Threat actors Sangierro and IntelBroker have just leaked a huge database that allegedly contains the information of over 1.3 million PandaBuy customers.
PandaBuy is an online shopping platform that allows users to make purchases from multiple e-commerce shops from China.
In a post yesterday on the BreachForums community, one of the threat actors said “the data was stolen by exploiting several critical vulnerabilities in the platform’s API.”
“Other bugs were identified allowing access to the internal service of the website,” Sangierro added.
The stolen information uploaded on the hacker forum, currently up for grabs for small crypto payments by any registered members, includes:
To add legitimacy to their claims, Saggiero also listed a limited data sample on the forum.
Cybersecurity researcher Troy Hunt, who analyzed the entire database, has confirmed that the database does indeed belong to PandaBuy customers.
“Thanks to a combination of enumeration vector and the presence of Mailinator addresses, it’s very clear the user data did indeed come from Pandabuy,” Hunt said. “Made-up email addresses are confirmed as non-existent, whilst addresses in the breach successfully get reset emails.”
What should users do?
In the aftermath of a data breach and subsequent online data leakage, victims must be proactive to prevent potential risk, and:
To limit the impact of data breaches, use Bitdefender Digital Identity Protection.
Our dedicated identity protection service helps you control, manage and safeguard your identity from data breaches and leaks through continuous web scans (including the Dark Web) that search for leaked data.
You get a full view of your digital footprint, data breach history and risk map, and visualize any personal information that may have ended up online: email addresses, phone numbers, passwords, social media links, physical addresses, and credit card details.
On top of 24/7 data breach alerts, you can benefit from the industry's first Identity Protection Score, which will help you understand the extent of the breach and how it can impact you. You will also receive actionable advice to immediately minimize risk toward your finances and identity.
tags
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024
July 25, 2024