The online retail platform Pandabuy has been the victim of a data breach, with more than 1.3 million unique email addresses leaked onto a popular hacking forum.
The breach was first reported on the forum by a user named ‘Sanggiero,' who, along with his accomplice, ‘IntelBroker,' claimed responsibility for the hack. This incident came to light on March 31, 2024, and has raised serious concerns about data security and privacy for Pandabuy's users.
According to the details shared by the hackers, the data extracted from Pandabuy's systems included sensitive information such as:
- user IDs
- first and last names
- phone numbers
- email addresses
- login IPs
- detailed order data
- home addresses
- zip codes
- countries
The leaked data represents a vast array of personal information that could potentially be misused for identity theft, phishing scams, and other forms of cyber fraud.
The attackers purportedly gained access to this trove of data by exploiting critical vulnerabilities within Pandabuy's platform, particularly in the application programming interface (API) and other unspecified bugs that provided unauthorized access to the website's internal services. Samples of the compromised data were also posted on the forum, showcasing the depth and breadth of the personal information that has been made publicly accessible.
The breach was acknowledged by cybersecurity expert Troy Hunt, the founder of Have I Been Pwned, a website that allows individuals to check if their personal information has been compromised in data breaches. Via a thread on X, Hunt explained that the leaked data appears authentic, as he tested several of the leaked email addresses and confirmed he was able to trigger a password reset for the impacted accounts on Pandabuy.
Pandabuy, whose app has a million downloads on the Google Play Store and is also available on the App Store, has not yet publicly commented on the breach or outlined steps it plans to take to address the security vulnerabilities that led to the incident. As a result, the firm now faces scrutiny regarding its data protection practices and the measures it has in place to safeguard user information.
This incident adds to the growing list of data breaches affecting online retailers, highlighting the persistent challenges companies face in protecting consumer data. It serves as a stark reminder of the importance of robust cybersecurity measures and the need for continuous vigilance and improvement of digital security protocols to prevent such breaches in the future.
Affected users are advised to remain vigilant, monitor their accounts for any unusual activity, and consider taking steps to protect their personal information, such as changing passwords and enabling two-factor authentication where possible.
Backdoor in Widely Used XZ Utils Library Shakes the Linux World
Leave a Reply