Published: Wed, April 04, 2018
Markets | By Erika Turner

Panera website exposed customer data, report says

Security experts have alleged that U.S. bakery-cafe chain Panera Bread had "millions" of customers' personal information available and searchable on its site for at least eight months, leaving them vulnerable to identity theft.

US bakery chain Panera Bread has leaked millions of online consumer records, including birthdays and partial credit card numbers, for at least eight months, a computer security blog says.

The formatting, which uses incremental unique identifiers, makes the data easy to scrape.

The data leak was found in 2017 by Dylan Houlihan. But according to another data security firm cited by Krebs, the actual number of leaked records "appears to exceed 37 million". Houlihan says the flaw continued to exist, and he "check[ed] on it every month or so because I was pissed".

Houlihan, having finally had enough of Panera's inaction, reached out to security professional Brian Krebs to replicate and announce the security issues. However, the company had no comment as to why it allowed the problem to exist for months after it acknowledged it was an issue last August.

Panera Bread told Fox News that "fewer than 10,000 consumers have been potentially affected by this issue" and that "this issue is resolved".

The company also claims that there is "no evidence of payment card information being accessed or retrieved".

Gustavison initially thought Houlihan's email was a scam, but later responded that Panera Bread was working on a solution.

News of Panera's data leak follows a security breach that exposed the email addresses, user names, and passwords of 150 million users of MyFitnessPal, a fitness-tracking app owned by Under Armour.

Panera Bread said in a statement on Monday that the issue was resolved, according to published reports. Instead, it seems the information is still available, but accessing the unsecured data now first requires a valid Panera Bread account.
