
1.3 Million Customers Affected: Pandabuy Grapples with Data Breach Fallout

 


A data breach allegedly occurred on Sunday at Pandabuy, an online store that aggregates items from Chinese e-commerce sites. As a result, 1,348,307 accounts were affected. A large amount of information has been leaked, including user IDs, first and last names, phone numbers, emails, login IP addresses, full addresses, and order information. 

Sanggiero and IntelBroker both exploited multiple vulnerabilities to breach the company's systems, allegedly leading to the leakage of the company's data. People throughout the world can use Pandabuy’s marketplace to access products from Chinese online marketplaces, such as JD.com, Tmall, and Taobao. 

Approximately 1.3 million PandaBuy customers' data has been accessed after two threat actors exploited multiple vulnerabilities to gain access to PandaBuy's system, according to PandaBuy's website. PandaBuy allows international customers to purchase goods from a variety of Chinese e-commerce platforms, including Tmall, Taobao, and JD.com.

The breach at PandaBuy was claimed yesterday by an individual known as 'Sanggiero' and was allegedly performed by 'IntelBroker' in conjunction with 'Sanggiero'. According to Sanggiero, the breach was made possible by exploiting critical API vulnerabilities, which allowed unauthorized access to internal platform services.

Over 3 million unique user IDs are now reported to be available on underground forums. The data includes personal information such as names, phone numbers, e-mail addresses, and more. Interested parties can obtain this information by paying a nominal fee in cryptocurrency, which further aggravates the breach.

PandaBuy has reported that 1,348,407 PandaBuy accounts are being compromised, according to data breach aggregation service Have I Been Pwned (HIBP), which confirmed the breach. Furthermore, Sanggiero has provided a sample of the leaked data containing email addresses, customer names, transaction information, and order details to verify its authenticity.

Troy Hunt, the creator of HIBP, confirmed the breach using password reset requests for PandaBuy users, verifying that at least 1.3 million email addresses were indeed linked to PandaBuy accounts. In any case, the initial claim of three million entries made by the threat actors appears inflated, with some entries being manufactured or duplicates.

PandaBuy shoppers' information was leaked on several forums, where any registered member can obtain it in exchange for a symbolic payment in cryptocurrency. PandaBuy has not yet acknowledged an incident of this nature, but one of its administrators on the firm's Discord channel said that the incident involved old information, which had already been dealt with.

As a precautionary measure, PandaBuy users have been urged to reset their passwords immediately and to be vigilant against scam attempts. Consequently, PandaBuy customers are facing a significant security threat since their customer data was leaked on underground forums. During the test period, threat actors provided a sample dataset containing email addresses, customer names, order details, and payment information as a means of verifying the authenticity of the breach. 

Troy Hunt's validation of the leaked email addresses further corroborated the breach's legitimacy, emphasizing the urgency of corrective action. PandaBuy users who have been affected by the breach should act immediately to mitigate the risks. Resetting their passwords will help protect their accounts from unauthorized access in the future.

It is also important to be vigilant against potential scams and to be very sceptical when receiving unsolicited communications. In addition to timely notifications, Have I Been Pwned integrations with data breach aggregation services ensure users can take proactive measures to protect their online security when data exposure occurs. It is essential that companies, particularly those that handle large amounts of consumer data, prioritize the security of their platforms to prevent such incidents.

Consumers should remain vigilant and adopt best practices in terms of digital security to keep themselves safe, including strong, unique passwords, and be wary of phishing attempts that may try to steal personal information.

Meta's Ambitious Move: Launching a Dedicated App to Challenge Twitter's Dominance

 


There is talk that Meta, Mark Zuckerberg's company, is developing a rival to Twitter and that it wants public figures, including the Dalai Lama and Oprah Winfrey, to join it.

This standalone application is codenamed Project92, but a report by tech news site The Verge suggests that the official title could be Threads. This is based on its codename.

During an internal meeting on Thursday, Meta's chief product officer, Chris Cox, told employees that the app was Meta's response to Twitter, the social network owned by Facebook and Instagram. 

In addition to allowing users to follow accounts they already follow on Instagram, Meta's image-sharing application may also offer them the opportunity to bring over followers they previously had on decentralized platforms such as Mastodon, if they choose to do so. 

A Meta spokesperson says the platform is being developed and will be released soon. According to Chris Cox, Meta's chief product officer, Meta's platform is currently being coded. There is no specific date for releasing the app, though the tech giant intends to do so very soon. Several sources speculate that the launch could happen as early as June, but that is still far from certain.

In recent weeks, screenshots of the company's upcoming app have surfaced online, providing a glimpse of how it might look shortly. The screenshots were shown internally to senior employees.

This BBC report is based on confirmation made to the BBC by sources within the company that these screenshots are genuine. The new platform layout will likely be familiar to people who use Twitter as a social media platform.

The screenshot shows that Meta will allow users to log in with their Facebook or Instagram ID number. This will save them the hassle of creating their ID number later. There are several options available to users for how to share their thoughts in a Twitter-style prompt, with other users able to like, comment, and re-share (basically retweet) their posts. Further, based on the screenshot, it appears that users may also be able to create a thread as well, which is a tangle of posts placed one after the other in a particular order. 

Moreover, according to The Verge, the app would be integrated with ActivityPub, a technology underpinning Mastodon, a decentralized collection of thousands of web pages that serves as a Twitter rival. This technology will allow social networks to interact with each other more easily. Theoretically, users of the upcoming Meta app could move their accounts and followers over to apps supported by ActivityPub, like Mastodon.

The app is expected to be based on Instagram and users will be able to log in with their Instagram username and password, while their followers, user bio, and verification information will also transfer over to the new app as well, according to earlier reports. 

The app aims to give creators a "stable place to build and grow their audience" in addition to providing a safe, easy-to-use, and reliable place to create. 

There is no question that Elon Musk's Twitter will be facing a lot of opposition from the short text-based network P92, which has the potential to surpass both BlueSky and Mastodon in terms of its level of rivalry with Elon Musk's Twitter. The fact that both Mastodon and BlueSky have attracted users who were disillusioned with Twitter is a testament to the fact that building your social network from scratch and reestablishing the community from scratch is not easy.

Meta's Instagram community, however, is enormous, boasting more than a billion users worldwide. This far surpasses Twitter's estimated 300 million users, although Twitter's numbers are no longer verifiable. 

Moreover, the report points out that Meta, which is inspired by Twitter, will be able to populate a user's info via Instagram's account system in much the same way as Twitter does. A Meta spokesperson reportedly told me on the sidelines of the meeting that the company has already been working with prominent personalities such as Oprah Winfrey and the Dalai Lama to attract others to try the "Project 92" web app by joining the platform. 

As Musk has said, Twitter under his leadership has been experiencing a difficult time, although he has insisted Twitter's users have not declined since the Tesla boss purchased the platform back in October. Musk claimed several weeks after purchasing Twitter that a peak of more than 250 million daily active users had been achieved. This was a record high then. Because Twitter is based almost entirely on advertising revenue, it is experiencing financial difficulties. 

Several concerns were responsible for the current advertiser boycott, including the degradation of the platform's moderation standards and the botched re-launch of Twitter's subscription service. This led to several verified impersonator accounts that started appearing on the platform. 

There is no doubt Meta has made a bold and ambitious move in announcing that it will launch a dedicated app to compete with Twitter's dominance in its space. By reshaping how people engage in real-time conversations, Meta has the potential to disrupt the status quo and people's social norms.

The battle for microblogging supremacy intensifies as users eagerly await the release of this new app. It promises to be an exciting and transformational time in online communication as the world becomes more integrated.

Uncovered: Clop Ransomware's Lengthy Zero-Day Testing on the MOVEit Platform

 


Security experts have uncovered evidence that the notorious Clop ransomware group has been spending extensive amounts of time testing zero-day vulnerabilities on the popular MOVEit platform since 2021, according to recent reports. This study has raised a lot of concerns about cybersecurity systems' vulnerability. For this reason, affected organizations and security agencies have taken urgent action to address these vulnerabilities. The discovery highlights the fact that ransomware attacks are becoming increasingly sophisticated. The need for robust defense measures to mitigate various types of cyber threats is critical.

Authorities and the parties affected by the breach are now collaborating closely to investigate this incident and develop appropriate countermeasures.

An examination of the recent Clop data theft attacks aimed at weak MOVEit Transfer instances found activity matching the technique the group employed to deploy the recently revealed LemurLoot web shell. Using logs from some affected clients' networks, they determined which clients were affected.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint advisory regarding the active exploitation of a recently discovered critical vulnerability in Progress Software's MOVEit Transfer application to drop ransomware.

Kroll researchers performed a forensic review and determined that the Clop cybergang may have experimented with the now-patched file transfer vulnerability (CVE-2023-34362) in July 2021.

The BBC, British Airways, Boots (a UK drugstore chain), the Halifax provincial government, and payroll company Zellis are among the organizations that have reported that their data was exfiltrated by the group at the end of last month. Employee data was breached at three organizations, Vodafone, BBC, and Boots, which used Zellis' services to store employee data.

The Russian-backed Clop organization, also known as Lace Tempest, TA505, and FIN11, has claimed responsibility for attacks that exploited a zero-day vulnerability in Fortra's GoAnywhere Managed File Transfer solution. Over 130 organizations have been targeted and over one million patients' data has been compromised as a result.

In a joint advisory, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency reported that the MOVEit Transfer SQL injection vulnerability exploit on Wednesday was similar to a 2020-21 campaign in which the group installed a DEWMODE web shell on Accellion FTA servers.

It has also been discovered that threat actors were testing methods for gathering and extracting sensitive data from compromised MOVEit Transfer servers as far back as April of 2022. These methods probably used automated tools and may have been used to gain access to servers.

In the weeks leading up to last month's attacks, and in addition to the 2022 activity, actors may have tested access to organizations using automated means and pulled back information from MOVEit Transfer servers. They also did this to determine which organizations they were accessing, using information obtained from the MOVEit Transfer servers.

During the malicious activity, it appeared that specific MOVEit Transfer users' Organization IDs ("Org IDs") were being exfiltrated, which in turn would have allowed Clop to determine which organizations to access. 

Clop has claimed responsibility for the MOVEit attacks on its website, and victims are invited to contact it until July 14 if they do not want their names posted on the site. Because a ransom deal would not guarantee that the stolen data would remain secure, the company has offered examples of data that has been exfiltrated and data that has been publicly published as part of an unresolvable ransom deal.

In a LinkedIn post, Charles Carmakal, CEO of Mandiant Consulting, expressed surprise at the number of victims MOVEit has provided. Carmakal characterized MOVEit as "overwhelming."