Did you know? You can be exposed based on your internet shopping habits alone!
Millions of users' personal information was stolen by a recent data breach at Pandabuy. Your data's security and the hazards it may provide are seriously compromised by this large breach.
Let’s examine the specifics of the Pandabuy data breach, consider how it might affect impacted consumers, and offer crucial security precautions.
One of the most damaging data breaches occurred at Pandabuy, a shopping site, in April 2024. Hackers with the usernames Sanggiero and IntelBroker were able to get access to and make use of the personal data of more than 1.3 million users.
Sugargoo, a competitor to PandaBuy, has allegedly been compromised. Individuals operating under the monikers "IntelBroker" and "Sanggiero" are claiming responsibility for the breach.
— vx-underground (@vxunderground) April 8, 2024
- The data they claim to have exfiltrated is primarily user activity and settings. However, the… pic.twitter.com/HHu0GXEewW
After releasing some of the stolen data at first, the hackers threatened to seek a ransom from Pandabuy. The hackers later claimed to have even more material than they had previously revealed and offered the complete database for sale again, even after the ransom was paid.
Notification service for data breaches HIBP founder Troy Hunt has noted that the remaining email addresses are duplicates and 1.3 million unique email addresses have already been added to Have I Been Pwned.
Sanggiero has continued to sell the stolen database for $40,000 even after receiving payment from Pandabuy. The hacker claims that the new dataset has over 17 times as many lines of content. Pandabuy did observe that this database used the identical dataset as the earlier leak.
Big data breach in PandaBuy - right after big discounts due to anniversary of PandaBuy.
— xDˣᴰ (@ciskacz) April 1, 2024
Shame#DataBreach #pandabuy #lostdata #pandabuybreach pic.twitter.com/5R08MPeDEn
This incident serves as a reminder of the serious threats that internet businesses and their clients confront, as well as the growing sophistication of cyberattacks.
Over 1.3 million customers had their data compromised as a result of the Pandabuy data breach.
The following stolen data has been submitted to the hacker forum and is currently available for minor cryptocurrency payments to any registered members:
The hackers wrote:
"Several significant vulnerabilities in the platform's API were exploited to steal the data, and additional bugs that allowed access to the website's internal service were found."
PandaBuy confirmed the data breach on Discord, stating that it "affected some users."
Troy Hunt, a cybersecurity expert, has verified that the database does belong to PandaBuy customers after reviewing the complete dataset.
Hunt said:
“Thanks to a combination of enumeration vectors and the presence of Mailinator addresses, it’s very clear the user data did indeed come from Pandabuy. Made-up email addresses are confirmed as non-existent, whilst addresses in the breach successfully get reset emails.”
Though security experts recommend at least updating the login credentials, the company informs users that orders, packages, payment information, and the accounts themselves are safe. In addition, the company offered a 10% freight subsidy code.
There are several ways to take advantage of the exposed information, which includes home addresses, phone numbers, email addresses, names, and order information:
Taking Over Accounts | Attackers may try to take over active accounts on other platforms by using personal information, which could result in monetary loss and harm to one's reputation. |
Scamming and Phishing | Cybercriminals can use the information that has been exposed to craft highly targeted phishing attempts that fool victims into disclosing personal financial information. |
Unauthorized Purchasing | If the compromised data contained credit card information, it might be used to make fraudulent online purchases. |
Doxing | When victims' personal information is compromised, it can be used to harass and threaten them, particularly when addresses and phone numbers are disclosed. |
Stalking | Individuals who possess detailed personal information may become targets of stalking, which increases the danger of physical harm. |
Social Engineering | Information about specific people can be obtained from the disclosed data and used to manipulate victims in social engineering attacks. |
Blackmailing and Extortion | Threat actors may utilize the information that has been made public to extort or blackmail victims. |
Following a data breach and associated online data release, victims need to take preventative measures to minimize potential risks, including:
You can use PurePrivacy to protect personal data from prying eyes with the help of multiple privacy-focused options:
You can use PurePrivacy to check the Dark Web for your personal data and take action before someone sells your data.
You can automate information removal requests to 200+ data brokers and remove data from publicly available platforms.
You can use PurePrivacy to review and tweak privacy settings on social media accounts, identify possible weaknesses, and enhance online security.
You can get rid of multiple, unwanted, online trackers that are involved in data collection and selling data to the highest bidders.
Threat actors took advantage of vulnerabilities in PandaBuy's system in April 2024. User IDs, complete names, phone numbers, email addresses, home locations, login IPs, and order details were among the information that was compromised.
You are impacted by a data breach in multiple ways. It raises the chances that you will fall victim to financial fraud and identity theft. A hacker can use a password leak to get instant access to someone’s account sharing the same password.
Yes. Unexpected surges in data usage could indicate that someone is using your information for malicious purposes. Your data may be used by an Android or iPhone hacker to send information gathered from your phone.
The PandaBuy data leak, which exposed the private information of millions of customers, represents an alarming loss of user confidence. This incident highlights how important it is for online platforms to have strong cybersecurity measures in place to protect user data.
You can consider using PurePrivacy to prevent future data leaks and online threats, keeping your personal information safe online.