PandaBuy, an ecommerce platform, has issued an apology following the discovery of two cybercriminals selling the personal data of 1.3 million customers.
PandaBuy, an ecommerce platform, has issued an apology following the discovery of two cybercriminals selling the personal data of 1.3 million customers.
PandaBuy functions as a shipping platform based in China, enabling customers to buy products directly from Chinese vendors. Essentially acting as a middleman service, it aims to save consumers time and money on goods they would typically purchase from established retailers.
Initially, a user using the alias Sanggiero posted an advertisement on a cybercrime forum, claiming to have nearly 3 million rows of data on a spreadsheet for sale. The purported information encompasses user IDs, complete names, phone numbers, email addresses, IP addresses, residential addresses, and order details.
"The data was stolen by exploiting several critical vulnerabilities in the platform's API and other bugs were identified allowing access to the internal service of the website," the threat actor said.
As per the data breach aggregation service Have I Been Pwned (HIBP), a total of 1,348,407 PandaBuy accounts have been compromised in the breach.
The information of PandaBuy shoppers was disclosed on a forum and is available to any registered members in exchange for a nominal payment in cryptocurrency.
Want your digital assets to be protected?
CyberShelter provides innovative and modern cybersecurity products and niche services to individuals and organization against all kinds of cyber threats.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.