Pandabuy data breach: Everything you need to know

August 14, 2024

Online shopping is fun. You can sit in the comfort of your home and order whatever you want from anywhere in the world and it will come right to your doorstep. It’s convenient and less stressful than in-store shopping…but it also exposes you to a number of online threats linked to ecommerce platforms, like brushing scams or data breaches. 

A recent example is the Pandabuy data breach. In March 2024, Pandabuy, a popular Chinese online shopping platform, suffered a data breach that exposed the personal information of over a million customers to hackers. If you’ve used Pandabuy to shop, your data may have been leaked and your personal details compromised.

Don’t panic. This article will help you figure out whether you were impacted by the Pandabuy data breach (or any data breach at all) and what steps you need to take to protect yourself. 

Did Pandabuy get hacked? 

Yes, Pandabuy got hacked. On March 31, two hackers with the nicknames “Sangierro” and “Intelbroker” posted customer data stolen from Pandabuy on a popular hacking forum, BreachForums.

Many people believed the leaked data was legit, since Intelbroker is allegedly responsible for a number of significant data breaches, including those affecting Facebook Marketplace, AT&T, Verizon, T-Mobile, and US Citizenship and Immigration Services (USCIS). The authenticity of the leaked email addresses was also confirmed by Troy Hunt, a Microsoft Regional Director, who checked the leaked account details and traced their source to Pandabuy.

The Pandabuy breach has exposed its customers to a number of serious cybersecurity risks, including identity theft, phishing attacks, and password breaches.

What got breached? 

The hacker, Sangierro, claimed that they breached the internal service of Pandabuy’s website and stole the following data:

  • Unique user IDs
  • First names
  • Last names 
  • Phone numbers
  • Emails
  • Login IPs
  • Orders data
  • Orders IPs
  • Home addresses
  • Zip codes
  • Country

The hacker published a sample of this data as proof and told people on BreachForums that the stolen data was available for sale for $40,000. A Pandabuy spokesperson admitted that they had been exploited by the same hacker before and had paid the hacker to stop the data leak, only to get hacked again.

If your personal information was among the sample leaked, bad actors like scammers, stalkers, or other hackers may have access to it, which is dangerous. They can use the information to access multiple accounts, such as your email, social media, and online banking accounts.

How did it happen? 

According to the hacker, they stole the data by exploiting multiple critical vulnerabilities in Pandabuy’s API. With access to the API, other bugs were found, allowing access to the website's internal services.  

Simply put, Pandabuy didn’t tighten up security in their API, and the hacker used this weakness to access its internal service, where customers' personal data was collected and stored. 

Who was impacted by the Pandabuy data breach? 

No one knows exactly who was impacted by the Pandabuy data breach, but anyone who has previously used the platform to shop may have been a victim.

How many people were impacted? 

The hacker claimed that the data of over 3 million users was breached, but the confirmed actual number was 1,348,407. The rest may have been duplicates or intentionally generated to inflate the figure.

Fortunately, you can completely avoid situations like this with Cloaked. 

Cloaked allows you to create pseudo phone numbers, emails, and passwords and use them in any situation where a website is asking for your personal information. This way, no one can hack your other accounts with credentials from a breached account. It also has a feature that automatically replaces existing information on your old accounts with secure email addresses, phone numbers, usernames, and passwords.

Cloaked manages your login with proxy emails, phone numbers, and a built-in password manager

Cloaked also provides you with identity theft protection which includes up to $1 million in coverage against identity theft and 24/7 specialist support for identity theft resolution.


What to do if you were impacted by the Pandabuy Data Breach

If you suspect the Pandabuy data breach impacted you, you’ll need to check whether your data has been leaked, then protect yourself to prevent your personal data or identity from being used. Here’s how:

1. Check your breach status

The first thing you should do is check whether your data was among the data exposed in the Pandabuy breach. You can do this by going to HaveIBeenBreached and entering your personal email or phone number.

2. Reset your Pandabuy password

If you’ve been breached on Pandabuy, you should immediately change your Pandabuy password and the password on any other accounts where you used the same or a similar password. This will prevent scammers or other hackers from accessing your data on other platforms.

3. Check for other breaches

Many data breaches have happened over the years on popular websites you’ve most likely used. You’ll see that on the Have I Been Breached website. You should also change your credentials on those platforms.

You can use Cloaked to automatically reset all your passwords and change them to unique secure passwords that you can store within Cloaked’s encrypted password manager.

4. Enable two-factor authentication

Two-factor authentication adds an extra layer of security to your accounts. With 2FA, if a hacker manages to steal your username and password, they’ll still need access to a security token on a second device (usually your phone) to gain access to your account.

5. Monitor your accounts

Check your financial accounts, emails, online dating, and social media accounts for unauthorized transactions and any unusual or suspicious activity. If you suspect your bank account has been compromised, contact your bank to freeze your credit card.

If you see any unauthorized purchases on your Pandabuy account, contact Pandabuy support immediately.

6. Be wary of phishing attempts

Other hackers may try to exploit the Pandabuy data breach using phishing attacks. Ignore any messages or emails from Pandabuy or other companies asking for your personal information. Do not click any links you didn’t request.

7. Update your security questions 

If you suspect your security questions and answers were also compromised, replace them with new questions and answers that are completely different from the current ones.

8. Stay informed

Keep yourself updated on what’s going on with the Pandabuy data breach and on cybersecurity best practices to ensure you’re always protected online.

Pandabuy Data Breach FAQs

Here’s more information you should know about the Pandabuy data breach:

Did Pandabuy try to cover up the breach?

Pandabuy’s Discord admin claimed their technical team had already resolved the incident and the data stolen was stale. They also urged Discord members to stop causing panic by spreading rumors. Some social media users even believe Pandabuy censored posts on Reddit and Discord in an attempt to cover up the data breach.

Later, Pandabuy acknowledged the data breach and apologized to its users, saying that hackers used illegal technology to breach their database security. They noted that users' financial and personal information was not exposed in the breach, and legal measures would be taken to force the hackers to delete the stolen data. 

Why did Pandabuy get leaked?

Pandabuy was leaked because of vulnerabilities in the platform’s API. The hackers claimed to have found bugs and several vulnerabilities that they exploited to gain access to the internal service of Pandabuy’s website. 

Protect yourself from future data breaches from Pandabuy and more

If you’ve checked your breach status, you may have discovered that your data has been breached on multiple platforms. Don’t freak out! You can manually change your passwords on these platforms, which takes time, or you can use Cloaked.

But that’s not all. Cloaked also helps you remove personal info from 120+ Data Brokers and other sites and offers you identity theft protection with up to $1 million in coverage against identity theft.

Make data breaches the least of your worries with Cloaked. 
