Hacking of the PandaBuy store affected over a million customers worldwide


Think twice before ordering a replica of the iconic Jordans from China.

The popular online shopping platform PandaBuy, which specializes in the delivery of clothing, shoes and other goods from China, recently faced a large-scale data leak that affected about 1.3 million customers. At least two hackers who posted the stolen information on a cybercriminal forum claimed responsibility for breaking into the system.

A member of the BreachForums forum under the pseudonym Sanggiero announced the publication of data allegedly stolen by exploiting several critical vulnerabilities in the PandaBuy platform and API.


According to the hacker, the hack was carried out in collaboration with another cybercriminal known as IntelBroker. This name periodically surfaces in connection with major hacks, including, for example, General Electric, Hewlett Packard and Los Angeles International Airport.

The information stolen from PandaBuy includes user IDs, first names, last names, phone numbers, email addresses, login IP addresses, order details, order IDs, home addresses, postal codes, and country of residence.

As proof of the hack, Sanggiero published a free sample of the data. The full database is now available for purchase by other members of the shadow forum.

Troy Hunt, founder of the HIBP platform, confirmed that of the leaked email addresses, approximately 1.3 million are valid and all the others are duplicates. Hunt added the leaked addresses to the HIBP database, allowing users to check if they were affected by the incident.

One of the representatives of PandaBuy said that this is a long-standing leak, and added that, according to the company's security team, there were no hacks this year. However, rumors quickly appeared online that the company was simply trying to hide a new hack in this way.