Pandabuy is a popular shipping platform that allows you to buy products from Chinese online stores such as Tmal and Toabao. Recently, the website has become famous for, among others, the fact that through it it was possible to purchase replicas of expensive clothes. Unfortunately, such goods were often later resold as “original”, which caused numerous controversies.
Now the platform (as well as its customers) must face a gigantic data leak. Thanks to two hackers, the data of almost 1.3 million PandaBuy customers was accessed online. Cybercriminals obtained this data by exploiting vulnerabilities in the platform’s API.
The information obtained in this way was then offered by hackers on Internet forums for relatively little money. The stolen data includes, among others: usernames, names, telephone numbers, email addresses, IP addresses, home addresses and ordering data on the platform.
Data of 1.3 million Pandabuy customers online. Famous Poles are to be on the list
Pandabay customer data was made publicly available online on March 31, 2024. The hacker nicknamed Sanggiero boasted that the seized database included the data of 3 million Pandabuy customers, but as cybersecurity experts emphasize, this number is probably overstated.
Troy Hunt, one of the greatest authorities in the cybersecurity industry and creator of the website Have I Been Pwned? confirmed the authenticity of almost 1.3 million email addresses contained in the database.
Thanks to the combination of the enumeration vector and the presence of addresses in the Mailinator mailbox, it is clear that the user data actually came from Pandabuy
Hunt said.
The platform itself also confirmed in a post published on its official Discord channel that customer data had been leaked, blaming it on hackers. At the same time, the company claims that mostly outdated data was leaked, and the security team immediately addressed the issue.
The list of Pandabuy clients whose private data was leaked online also includes Poles, including popular rappers and YouTubers. The whole situation is dangerous for these people, because almost anyone can now gain access to their telephone numbers or home addresses.
Data leak from Pandabuy. How to check if we have been the victim of an attack?
There is a way to check if you have been the victim of a Pandabuy data breach or other such attack. This enables, among others: website created by the above-mentioned Troy Hunt.
Just enter our e-mail address in the search engine and HaveIBeenPwned will generate a list of websites from which our data may have been leaked. What’s more, this week a search function by phone number was also made available (in the format +48 XXX XXX XXX).
The HaveIBeenPwned website has been operating continuously for many years and so far there has been no incident that would call into question its credibility. It is also recommended by many experts.
Source: Gazeta
Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.
