Pandabuy Breach: What You Need to Know and How to Protect Yourself

  • By Farrukh Mushtaq

    Farrukh Mushtaq, a digital marketer at PureSquare, possesses a keen interest in cybersecurity and enjoys writing about it. With several years of experience in the digital marketing industry, he brings expertise and passion to his work.

  • 16 August 2024

Did you know? You can be exposed based on your internet shopping habits alone! 

Millions of users' personal information was stolen in a recent data breach at Pandabuy. A breach of this size puts the security of your data at serious risk.

Let’s examine the specifics of the Pandabuy data breach, consider how it might affect impacted consumers, and offer crucial security precautions.

What Happened in the Pandabuy Breach?

One of the most damaging data breaches occurred at Pandabuy, a shopping site, in April 2024. Hackers with the usernames Sanggiero and IntelBroker were able to get access to and make use of the personal data of more than 1.3 million users.

After releasing some of the stolen data at first, the hackers threatened to seek a ransom from Pandabuy. The hackers later claimed to have even more material than they had previously revealed and offered the complete database for sale again, even after the ransom was paid. 

Troy Hunt, founder of the data breach notification service Have I Been Pwned (HIBP), has noted that the remaining email addresses are duplicates and that 1.3 million unique email addresses have already been added to Have I Been Pwned.

Sanggiero has continued to offer the stolen database for sale for $40,000 even after receiving payment from Pandabuy. The hacker claims that the new dataset has over 17 times as many lines of content. Pandabuy, however, observed that this database contains the same dataset as the earlier leak.

This incident serves as a reminder of the serious threats that internet businesses and their clients confront, as well as the growing sophistication of cyberattacks. 

What was the Impact on Pandabuy Customers?

Over 1.3 million customers had their data compromised as a result of the Pandabuy data breach. 

The following stolen data was posted to a hacker forum and is currently available to any registered member for a small cryptocurrency payment:

  • Complete names of the clients
  • Phone numbers
  • Email addresses
  • Contact details
  • Order information 
  • Login IP
  • Zip codes
  • House addresses
  • Country of residence

Cyberattackers & Cybersecurity Researchers Confirmed the Legitimacy of the Data

The hackers wrote:

"Several significant vulnerabilities in the platform's API were exploited to steal the data, and additional bugs that allowed access to the website's internal service were found."

PandaBuy confirmed the data breach on Discord, stating that it "affected some users."

Troy Hunt, a cybersecurity expert, has verified that the database does belong to PandaBuy customers after reviewing the complete dataset.

Hunt said:

"Thanks to a combination of enumeration vectors and the presence of Mailinator addresses, it’s very clear the user data did indeed come from Pandabuy. Made-up email addresses are confirmed as non-existent, whilst addresses in the breach successfully get reset emails."

Though security experts recommend at least updating the login credentials, the company informs users that orders, packages, payment information, and the accounts themselves are safe. In addition, the company offered a 10% freight subsidy code.

What are the Potential Privacy Risks from Exposed Data?

There are several ways to take advantage of the exposed information, which includes home addresses, phone numbers, email addresses, names, and order information:

  • Taking Over Accounts: Attackers may try to take over active accounts on other platforms by using personal information, which could result in monetary loss and harm to one's reputation.
  • Scamming and Phishing: Cybercriminals can use the information that has been exposed to craft highly targeted phishing attempts that fool victims into disclosing personal financial information.
  • Unauthorized Purchasing: If the compromised data contained credit card information, it might be used to make fraudulent online purchases.
  • Doxing: When victims' personal information is compromised, it can be used to harass and threaten them, particularly when addresses and phone numbers are disclosed.
  • Stalking: Individuals whose detailed personal information is exposed may become targets of stalking, which increases the danger of physical harm.
  • Social Engineering: Information about specific people can be obtained from the disclosed data and used to manipulate victims in social engineering attacks.
  • Blackmailing and Extortion: Threat actors may utilize the information that has been made public to extort or blackmail victims.

How to Take Immediate Action in Case of a Data Breach?

Following a data breach and associated online data release, victims need to take preventative measures to minimize potential risks, including:

  • Change the password for PandaBuy. If you have used the same login password on several web platforms, change it on all of them.
  • Be cautious when opening unsolicited emails and attachments.
  • Employ a specialized identity protection service to keep an eye out for any upcoming data leaks and breaches.
  • Watch out for shady calls, emails, or texts purporting to be from Pandabuy or other associated companies. Avoid downloading attachments or clicking links from unidentified sources.
  • Report any fraudulent activity you come across to the relevant authorities and your financial institution.

Use Dark Web Monitoring to Get Alerts About Information Leaks

Your personal information is a target for hackers and scammers who can ruin your online identity and finances.

Imagine losing your hard-earned money, your reputation, and your peace of mind to a cybercriminal.

With PurePrivacy, you can scan the Dark Web 24/7 and receive alert notifications whenever someone posts your private information (name, address, credit card details, credentials, SSN). At only $5.83/month, you'll get instant dark web alerts and the power to stop data breaches dead in their tracks.

Protect Your Online Identity from Cyber Attacks with PurePrivacy

You can use PurePrivacy to protect personal data from prying eyes with the help of multiple privacy-focused options:

  • Use the Social Privacy Manager to make tailored privacy tweaks 
  • Get the Tracker Blocker to prevent data collection on multiple platforms
  • Enable Remove My Data option to get personal information removed automatically
  • Run Dark Web scans constantly to see if someone posts your data without consent 

Scan the Dark Web 24/7

You can use PurePrivacy to check the Dark Web for your personal data and take action before someone sells your data. 

Send Data Removal Requests

You can automate information removal requests to 200+ data brokers and remove data from publicly available platforms.

Get Suggestions to Improve Privacy

You can use PurePrivacy to review and tweak privacy settings on social media accounts, identify possible weaknesses, and enhance online security.

Block 1000+ Internet Trackers 

You can get rid of multiple, unwanted, online trackers that are involved in data collection and selling data to the highest bidders. 

Frequently Asked Questions (FAQs)

  • Was there a data breach at PandaBuy?

    Threat actors took advantage of vulnerabilities in PandaBuy's system in April 2024. User IDs, complete names, phone numbers, email addresses, home locations, login IPs, and order details were among the information that was compromised.

  • Is there any need to worry about a data leak?

    You are impacted by a data breach in multiple ways. It raises the chances that you will fall victim to financial fraud and identity theft. A hacker can use a leaked password to gain immediate access to any other account that shares the same password.

  • Can my data be used by hackers?

    Yes. An unexpected surge in your phone's data usage could indicate that someone is using your information for malicious purposes. A hacker who has compromised an Android phone or iPhone may use your data connection to send out information gathered from the device.

In Summary

The PandaBuy data leak, which exposed the private information of millions of customers, represents an alarming loss of user confidence. This incident highlights how important it is for online platforms to have strong cybersecurity measures in place to protect user data.
You can consider using PurePrivacy to prevent future data leaks and online threats, keeping your personal information safe online.