{"id":164263,"date":"2024-06-07T13:26:15","date_gmt":"2024-06-07T13:26:15","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=164263"},"modified":"2024-06-07T13:26:17","modified_gmt":"2024-06-07T13:26:17","slug":"pandabuy-extorted-again","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/164263\/cyber-crime\/pandabuy-extorted-again.html","title":{"rendered":"Pandabuy was extorted twice by the same threat actor"},"content":{"rendered":"

<\/div>\n

Chinese shopping platform Pandabuy previously paid a ransom demand to an extortion group that extorted the company again this week.<\/gwmw><\/h2>\n\n\n\n
The story of the attack against the Chinese shopping platform Pandabuy<\/a> demonstrates that paying a ransom to an extortion group is risky to the victims.<\/gwmw><\/p>\n\n\n\n
BleepingComputer first reported<\/strong><\/a> that Pandabuy had previously paid a ransom to an extortion group to prevent stolen data from being published, but the same threat actor extorted the company again this week.<\/p>\n\n\n\n
In April, at least two threat actors claimed the hack of the PandaBuy online shopping platform<\/a> and leaked data of more than 1.3 million customers on a cybercrime forum.<\/p>\n\n\n\n
The member of the BreachForums \u2018Sanggiero\u2019 announced the leak of data allegedly stolen by exploiting several critical vulnerabilities in Pandabuy\u2019s platform and API. Sanggiero said that he breached the platform with another threat actor named \u2018 IntelBroker<\/a>.\u2019<\/p>\n\n\n\n
\n
PandaBuy has been breached by Threat Actors operating under the names "Sanggiero" and "IntelBroker". Exfiltrated data includes:

– UserId
– First name
– Last name
– Phone number
– Email
– Login Ip
– Full address
– Order information

Breach patrons are relatively excited pic.twitter.com\/Gg0HLEMSj1<\/a><\/p>— vx-underground (@vxunderground) April 1, 2024<\/a><\/blockquote>