Online shopping platform PandaBuy had more than 1.3 million customers' data exposed following a cyberattack claimed by Sanggiero to have been conducted in partnership with IntelBroker, reports BleepingComputer.
Numerous critical PandaBuy API vulnerabilities and other security issues have been exploited to facilitate the compromise of the website's internal service and obtain more than 3 million unique names, user IDs, emails, phone numbers, order data, and other information, which have been made available for purchase on a hacking forum, according to Sanggiero.
However, Have I Been Pwned? founder Troy Hunt disclosed that only 1.3 million of the exposed email addresses were legitimately from PandaBuy, with the rest being either duplicated or non-existent.
Such an incident has not yet been acknowledged by PandaBuy but an administrator on the firm's Discord channel noted that the incident involved old information and had already been addressed. Still, individuals with PandaBuy accounts have been urged to conduct immediate password resets and be mindful of attempted scams.
