CyberManipal.

Tech news from MIST

When Pandas Leaked More Than Just Cute Videos

Breaches
@Rizzabh

Rishabh Jain

April 1, 2024

PandaBuy, a platform enabling international purchases from Chinese e-commerce giants such as Tmall, Taobao, and JD.com, has been compromised in a recent breach. Allegedly orchestrated by 'Sanggiero' and 'IntelBoker,' the attack exploited critical vulnerabilities in the platform's API and other bugs to gain access to its internal services. The stolen data, which includes over 3 million unique user details like names, phone numbers, emails, login IPs, order information, and addresses, has been shared on a forum. Access to this data was available to registered members for a symbolic cryptocurrency payment. To authenticate the leaked information, a sample containing email addresses, customer names, order details, and payment IDs was provided. Troy Hunt confirmed 1.3 million valid email addresses, refuting the inflated claim of 3 million. Despite this breach, PandaBuy has yet to address the situation publicly.

Abridged fromBleeping Computer

Click here to see the original post

Share this article