April 1, 2024 at 11:05AM
Data of over 1.3 million PandaBuy customers has been leaked due to vulnerability exploitation, reportedly by two threat actors. The leaked information includes user IDs, names, contact details, order information, and more. It has been confirmed that leaked emails are valid and originate from PandaBuy. The company has not publicly addressed the breach. Subscribers of Have I Been Pwned were notified of the breach.
Key takeaways from the meeting notes:
– Data breach of PandaBuy online shopping platform, involving customer details of more than 1.3 million accounts.
– Alleged involvement of threat actors “Sanggiero” and “IntelBoker” who exploited critical vulnerabilities in the platform’s API to gain unauthorized access.
– Leaked customer details include unique user IDs, names, phone numbers, emails, login IP, order data, addresses, and more.
– Breached data can be obtained on a forum for a symbolic payment in cryptocurrency. Troy Hunt verified at least 1.3 million valid email addresses.
– PandaBuy has not officially acknowledged the breach and reportedly attempted to censor user posts about the incident on Discord and Reddit.
– Users are strongly advised to reset their passwords, be vigilant for potential scams, and treat unsolicited communications with suspicion.
– Data has been added to Have I Been Pwned, and subscribers to the service have been notified of the breach.
As an executive assistant, I have summarized the key information from the meeting notes for your reference. Let me know if you need further assistance or if there’s anything else I can help with.