Alarming news has surfaced in the cybersecurity realm as a threat actor, Sanggiero, claims to have the entire database of Pandabuy (Pandabuy.com), a prominent online marketplace.
According to reports, the compromised database contains a staggering 17 million lines of user records, encompassing sensitive details such as first names, last names, user IDs, emails, order data, IP addresses, countries, passwords, and more.
The threat actor, Sanggiero, has issued a statement regarding their intentions. They assert that the vulnerabilities exploited to breach Pandabuy’s defenses, which allegedly remain unaddressed by the company, will soon be unveiled on the threat actor’s blog site. Furthermore, they have declared their intention to disclose the names and passwords of Pandabuy employees, albeit in encoded form using base-64 encryption.
The threat actor has warned Pandabuy that negotiations may still be possible, but time is running out. They have set a hefty price tag of $40,000 for the compromised database, signaling their readiness to sell the pilfered data to the highest bidder.
