Identity, Data Security, Privacy

Over 1.3M PandaBuy customers hit by data breach

Macro computer screen shot with binary code and password text.

Online shopping platform PandaBuy had more than 1.3 million customers' data exposed following a cyberattack claimed by Sanggiero to have been conducted in partnership with IntelBroker, reports BleepingComputer.

Numerous critical PandaBuy API vulnerabilities and other security issues have been exploited to facilitate the compromise of the website's internal service and obtain more than 3 million unique names, user IDs, emails, phone numbers, order data, and other information, which have been made available for purchase on a hacking forum, according to Sanggiero.

However, Have I Been Pwned? founder Troy Hunt disclosed that only 1.3 million of the exposed email addresses were legitimately from PandaBuy, with the rest being either duplicated or non-existent.

Such an incident has not yet been acknowledged by PandaBuy but an administrator on the firm's Discord channel noted that the incident involved old information and had already been addressed. Still, individuals with PandaBuy accounts have been urged to conduct immediate password resets and be mindful of attempted scams.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.