PandaBuy Details

PandaBuy

London, England • 2200 employees • Retail

Industry

Retail

Security Incidents

PandaBuy is a free app that helps users purchase products from Chinese online e-commerce platforms. The app offers services such as purchasing, warehousing, and shipping without service fees. It also has features for managing orders, viewing HD photos, and sharing.

Security Incidents

PandaBuy Breach of Jun 2024

Severity Score

Moderate

Type

Data Breach

Summary

The Chinese shopping platform Pandabuy was extorted again by the same group to whom they previously paid a ransom. This case illustrates the risks of paying ransoms, as initial payment did not prevent further extortion. In April, two threat actors, Sanggiero and IntelBroker, exploited critical vulnerabilities in Pandabuy’s API, leaking data of over 1.3 million customers. The stolen data included sensitive information like user IDs, names, phone numbers, emails, and home addresses. Despite addressing the vulnerabilities, Pandabuy admitted to paying the ransom but refused further payments due to...
Show more

Severity

The Pandabuy data breach was highly severe, exposing sensitive information of over 1.3 million customers, including user IDs, names, phone numbers, emails, and home addresses. Critical vulnerabilities in the platform's API allowed threat actors to steal and leak this data, putting users at significant risk. The breach's severity is underscored by the fact that the stolen data was offered for sale on cybercrime forums.

Impact

The Pandabuy data breach affected over 1.3 million customers, compromising their sensitive information. The exposed data included user IDs, first and last names, phone numbers, email addresses, home addresses, and order details. Both current and past users of Pandabuy's online shopping platform were impacted by this significant security incident.