Data Breach News

PandaBuy Data Breach: 1.3M Users’ Info Exposed In Cyberattack

The , reportedly orchestrated by two popular hackers, exploited vulnerabilities within PandaBuy's systems, including critical flaws in its API.

by Ashish Khaitan April 3, 2024 in Data Breach News, Firewall Daily, Hacker Claims Reading Time: 4 mins read 0

697 SHARES 3.9k VIEWS Share on LinkedInShare on Twitter

The popular online shopping platform PandaBuy confirmed felling victim to a massive data breach, leaving over 1.3 million users affected. The was posted on a forum in collaboration with two threat actors — and .

The two hackers exploited vulnerabilities within PandaBuy's systems, including critical flaws in its API. These weaknesses granted unauthorized access to sensitive user data, including user IDs, names, contact details, login IP addresses, and order histories.

Alleged PandaBuy Data Breach Claims on Dark Web

Source: Dark Web

PandaBuy, renowned for enabling overseas consumers to purchase products from Chinese e-commerce giants like Tmall, Taobao, and, has confirmed the data breach, stating “This incident was caused by a hacker organization using illegal technology to break through the platform's information security and try to entry into the platform's information system and make it public after illegally stealing some user information.

Moreover, Microsoft Regional Director, Troy Hunt confirmed that the leaked data “did indeed come from Pandabuy”.Hunt also revealed that the sample data provided by the hackers had “made-up email addresses” that were not part of the original leak, which proves that the threat actors' claim of the “3 million” was an exaggeration and the leaked data was limited to 1.3 Million accounts. 

Source: Troy Hunt on X

The PandaBuy data breach came to light when ‘Sanggiero' posted about the incident on March 31, 2024, announcing the leaked download of the PandaBuy database on a hacking forum.

The threat actor post reads, In April 2024, almost 3M+ rows of data from the store company Pandabuy was posted to a popular hacking forum. The data was stolen by exploiting several critical vulnerabilities in the platform's API and other bugs were identified allowing access to the internal service of the website.”

Decoding the Sample Data

Along with the post for the PandaBuy data breach, the threat actor Sanggiero, shared a string of sample data while conversing with other forum members. The Cyber Express analyzed this sample data and found a structured dataset of order inquiries from the PandaBuy platform. 

Each line within the dataset represents a customer inquiry regarding their orders, providing insights into various aspects such as order cancellations, size adjustments, shipping updates, refunds, and order status queries.

The Cyber Express has reached out to the e-commerce organization to learn more about this PandaBuy data breach. In a conversation with TCE, a PandaBuy spokesperson said “Pandabuy unequivocally condemns this illegal actions and has taken necessary legal measures to require relevant infringing websites to immediately delete all unauthorized user information, block all infringing links, and will actively pursue the legal liability of infringers.”

Moreover, PandaBuy noted that the users data and personal information are safe and the breach didn't compromised any sensitive data. “Pls don't worry , your order / parcel / payment information won't be stolen and we promise your account is safe. Also , pls remain vigilant against misinformation, as Pandabuy officials will never request user account details or any other sensitive information”, added the spokesperson. 

The Involvement of IntelBroker 

The likelihood of this PandaBuy data breach being true is because IntelBroker, a solo hacker, is also involved in the incident. For its records, IntelBroker has claimed many cyberattacks and a majority of them have been proven true.

Moreover, in an exclusive interview with the hacker, TCE found out the hacker had been working alone and had claimed data breaches on organizations like Los Angeles Airport. Discussing his modus operandi with TCE, IntelBroker discussed his hacking journey, dispelled misconceptions, and addressed involvement with CyberNiggers. 

The hacker highlighted breaches that deserved more attention and shared insights into the deep dark web and data breaches. The hacker advocates transparency in handling cybersecurity incidents and admires Sanggiero from BreachForums for their contributions.

As for the PandaBuy data breach, the organization is “a 10% freight subsidy code ( pandabuyer ) valid for 1 month, with no usage limits / no limit on max discounts” as a part of the ongoing remedial procedures. The Cyber Express will be closely monitoring the situation. We'll update this post once we have more information on the alleged Pandabuy data breach or any other confirmation from the organization. 


Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button