The popular online shopping platform PandaBuy confirmed felling victim to a massive data breach, leaving over 1.3 million users affected. The PandaBuy leak list was posted on a dark web forum in collaboration with two threat actors — Sanggiero and IntelBroker.
The two hackers exploited vulnerabilities within PandaBuy’s systems, including critical flaws in its API. These weaknesses granted unauthorized access to sensitive user data, including user IDs, names, contact details, login IP addresses, and order histories.
Alleged PandaBuy Leak List Surfaces on Dark Web
PandaBuy, renowned for enabling overseas consumers to purchase products from Chinese e-commerce giants like Tmall, Taobao, and JD.com, has confirmed the data breach, stating “This incident was caused by a hacker organization using illegal technology to break through the platform’s information security and try to entry into the platform’s information system and make it public after illegally stealing some user information.
Moreover, Microsoft confirmed that the PandaBuy leak data “did indeed come from Pandabuy”. Microsoft researches also revealed that the sample data provided by the hackers had “made-up email addresses” that were not part of the original leak, which proves that the threat actors’ claim of the “3 million” was an exaggeration and the leaked data was limited to 1.3 Million accounts.
The PandaBuy leak list came to light when ‘Sanggiero’ posted about the incident on March 31, 2024, announcing the leaked download of the PandaBuy breach list on a hacking forum.
The threat actor post reads, In April 2024, almost 3M+ rows of data from the store company Pandabuy was posted to a popular hacking forum. The data was stolen by exploiting several critical vulnerabilities in the platform’s API and other bugs were identified allowing access to the internal service of the website.”
Decoding the Sample Data from PandaBuy Leak List
Along with the post for the PandaBuy data leak list, the threat actor Sanggiero, shared a string of sample data while conversing with other forum members. The Cyber Express analyzed this sample data and found a structured dataset of order inquiries from the PandaBuy platform.
Each line within the dataset represents a customer inquiry regarding their orders, providing insights into various aspects such as order cancellations, size adjustments, shipping updates, refunds, and order status queries.
The Cyber Express has reached out to the e-commerce organization to learn more about this PandaBuy data leak list. In a conversation with TCE, a PandaBuy spokesperson said “Pandabuy unequivocally condemns this illegal actions and has taken necessary legal measures to require relevant infringing websites to immediately delete all unauthorized user information, block all infringing links, and will actively pursue the legal liability of infringers.
Moreover, PandaBuy noted that the users data and personal information are safe and the breach didn’t compromised any sensitive data. Pls don’t worry , your order / parcel / payment information won’t be stolen and we promise your account is safe. Also , pls remain vigilant against misinformation, as Pandabuy officials will never request user account details or any other sensitive information”, added the spokesperson.
The Involvement of IntelBroker
The likelihood of this PandaBuy leak data link being true is because IntelBroker, a solo hacker, is also involved in the incident. For its records, IntelBroker has claimed many cyberattacks and a majority of them have been proven true.
Moreover, in an exclusive interview with the hacker, TCE found out the hacker had been working alone and had claimed data breaches on organizations like Los Angeles Airport. Discussing his modus operandi with TCE, IntelBroker discussed his hacking journey, dispelled misconceptions, and addressed involvement with CyberNiggers.
The hacker highlighted breaches that deserved more attention and shared insights into the deep dark web and data breaches. The hacker advocates transparency in handling cybersecurity incidents and admires Sanggiero from BreachForums for their contributions.
As for the PandaBuy leak list, the organization is “a 10% freight subsidy code ( pandabuyer ) valid for 1 month, with no usage limits / no limit on max discounts” as a part of the ongoing remedial procedures. The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged Pandabuy data breach or any other confirmation from the organization.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
