BreachExchange mailing list archives
Panera Bread left millions of customer records exposed on the web
From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Tue, 3 Apr 2018 08:25:35 -0500
https://www.engadget.com/2018/04/02/panera-bread-left-millions-of-customer-records-exposed/ Add another big-name brand to the list of those who've left customer data exposed online. Thanks to security researcher Dylan Houlihan, KrebsOnSecurity has discovered that Panera Bread left millions of customer sign-up records (possibly 37 million) in plain text on its website, including email addresses, home addresses, phone numbers and loyalty account numbers. There was no payment info, thankfully, but it would have been patently easy for evildoers to harvest that information and use it as part of identity fraud or spam campaigns. Crucially, Panera Bread didn't appear to be responsive to the problem. Houlihan notified the company about the problem in August 2017 and got a response promising that its team was "working on a resolution," but it didn't take down the info until KrebsOnSecurity got involved -- twice. In a statement, Panera Bread said it was still investigating the vulnerability but indicated that there was "no evidence" of either payment info or anyone accessing a "large number" of the accounts. As such, you're probably not at risk if you signed up for a Panera Bread website account. However, this underscores a recurring problem with internet security: numerous companies have failed to encrypt data or otherwise abide by basic security policies. Although there's no guarantee that locking down data will prevent breaches, it beats welcoming thieves with open arms.
_______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Panera Bread left millions of customer records exposed on the web Inga Goddijn (Apr 03)