Pierluigi Paganini
The entity deeply injured twice by the same menacing actor
June 07, 2024
Priorly, the Chinese shopping emporium Pandabuy capitulated to a ransom request from an intimidation group that recurred their extortion tactics this current week.
The account of the assault towards the Chinese shopping emporium Pandabuy emphasizes that bowing to a ransom demand from an intimidation group poses risks to the targets.
BleepingComputer initially mentioned that Pandabuy had previously ceded to a ransom request from an intimidation group in order to prevent the disclosure of stolen data, yet this same menacing actor blackmailed the entity once more this week.
In April, at least two menacing actors claimed responsibility for the infiltration of the PandaBuy online shopping platform and published data from over 1.3 million customers on an internet crime forum.
The member of the BreachForums ‘Sanggiero’ revealed the exposure of data purportedly pilfered by exploiting various pivotal vulnerabilities in Pandabuy’s platform and API. Sanggiero iterated that the platform was infiltrated alongside another menacing actor dubbed ‘IntelBroker.’
The filched data encompassed UserId, First Name, Last Name, Phone Numbers, Emails, Login IP, Orders_Data, Orders_Id, Home_address, Zip, and Country.
“In April 2024, almost 3M+ rows of data from the store company Pandabuy was posted to a popular hacking forum. The data was stolen by exploiting several critical vulnerabilities in the platform’s API and other bugs were identified allowing access to the internal service of the website. The data contained 3M+ unique UserId, First Name, Last Name, Phone Numbers, Emails, Login IP, Orders_Data, Orders_Id, Home_address, Zip, Country, and so on. The website was breached by @Sanggiero and @IntelBroker.” was the statement published by BreachForums.
The data is available for sale on the internet crime forum, Sanggiero displayed a section as evidence of the data breach.
HIBP founder Troy Hunt validated that 1.3 million email addresses are authentic, with the remaining addresses being duplicates. Hunt included the leaked addresses into HIBP, letting users ascertain whether they were affected by the incident.
A representative from the corporation stated in a Discord channel that the security infraction happened in a previous instance, further mentioning that the security troupe of the corporation indicated no security breach occurred within this year.
On June 3, 2024, Sanggiero put up for sale the complete dataset they previously purloined from Pandabuy at a cost of $40,000. The actor claimed that the dataset comprises more than 17 million entries, surpassing the initial dataset provided in April, which contained 1.3 million entries.
“A spokesperson from Pandabuy confessed to BleepingComputer that they had paid the offender an undisclosed sum to avert the data leakage, revealing that the menacing actor might have disseminated the data to third parties, leading them to discontinue any collaboration with him.” reported BleepingComputer.
The corporation attempted to diminish the incident by asserting that the data presented by Sanggiero is identical to the prior breach.
Pandabuy further added that due to blocked funds, they were unable to persist in paying ransoms; nonetheless, they rectified the vulnerabilities exploited in the initial attack. The corporation speculates that the menacing actors might have covertly vended their data to cybercriminals.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, cybercriminals)
About Author
