The popular online shopping platform PandaBuy allegedly fell victim to a massive data breach affecting over 1.3 million users. The PandaBuy data breach was posted on a dark web forum by two threat actors working in collaboration, Sanggiero and IntelBroker.
The two hackers exploited vulnerabilities within PandaBuy’s systems, including critical flaws in its API. These weaknesses granted unauthorized access to sensitive user data, including user IDs, names, contact details, login IP addresses, and order histories.
Alleged PandaBuy Data Breach Claims on Dark Web
PandaBuy, renowned for enabling overseas consumers to purchase products from Chinese e-commerce giants like Tmall, Taobao, and JD.com, has not confirmed the data breach. However, Microsoft Regional Director Troy Hunt confirmed that the leaked data “did indeed come from Pandabuy”.
Hunt also revealed that the sample data provided by the hackers had “made-up email addresses” that were not part of the original leak, which proves that the threat actors’ claim of “3 million” was an exaggeration and that the leaked data was limited to 1.3 million accounts.
The PandaBuy data breach came to light when ‘Sanggiero’ posted about the incident on March 31, 2024, announcing the leaked download of the PandaBuy database on a hacking forum.
The threat actor’s post reads, “In April 2024, almost 3M+ rows of data from the store company Pandabuy was posted to a popular hacking forum. The data was stolen by exploiting several critical vulnerabilities in the platform’s API and other bugs were identified allowing access to the internal service of the website.”
Decoding the Sample Data
Along with the post for the PandaBuy data breach, the threat actor Sanggiero shared a string of sample data while conversing with other forum members. The Cyber Express analyzed this sample data and found a structured dataset of order inquiries from the PandaBuy platform.
Each line within the dataset represents a customer inquiry regarding their orders, providing insights into various aspects such as order cancellations, size adjustments, shipping updates, refunds, and order status queries.
The Cyber Express has reached out to the e-commerce organization to learn more about this PandaBuy data breach. However, at the time of writing this, no official statement or response has been received, leaving the claims for the PandaBuy data leak unconfirmed.
The Involvement of IntelBroker
The PandaBuy data breach claim is more likely to be true because IntelBroker, a solo hacker, is also involved in the incident. IntelBroker has claimed many cyberattacks, and a majority of them have been proven true.
Moreover, in an exclusive interview with the hacker, TCE found out that the hacker had been working alone and had claimed data breaches at organizations like Los Angeles Airport. Describing his modus operandi to TCE, IntelBroker discussed his hacking journey, dispelled misconceptions, and addressed involvement with CyberNiggers.
The hacker highlighted breaches that deserved more attention and shared insights into the deep dark web and data breaches. The hacker advocates transparency in handling cybersecurity incidents and admires Sanggiero from BreachForums for their contributions.
As for the PandaBuy data breach, this is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged Pandabuy data breach or any official confirmation from the organization.