According to information provided by HIBP (Have I Been Pwned), 1,348,407 PandaBuy accounts were affected by the breach. Attackers used vulnerabilities and other bugs in the platform’s API to gain access to the site’s internal services. The stolen data included unique user IDs, first and last names, phone numbers, email addresses, connection IP addresses, order details and home addresses. This information was posted on forums and could be accessed in exchange for a nominal cryptocurrency fee.
Experts stress the importance of changing passwords and being aware of possible fraud, especially for those who have had an account with PandaBuy. Information about the data leak has been added to the HIBP database, and service subscribers should have already been notified of the incident.
PandaBuy is a popular international platform that allows users to buy products from various e-commerce platforms in China, including Tmall, Taobao and JD.com. Although widely publicized, this incident highlights the importance of data protection and security on online platforms.