Panera Bread's website exposed customer data for months, report says

Panera Bread's website leaked customer records for 8 months, report says

We will update this article if and when we hear back.

The security issue, also published in detail on PasteBin, suggests that an unauthenticated API endpoint is at fault.

Another day, another possible data breach.

The truth is that it's a fearless organisation which promises it will never suffer a serious security incident. At first the company dismissed the report, but just a week later was able to verify the report and claimed it was working on a fix. Often, in fact, the response to a security breach will be more critical to your company's brand than the incident itself.

Even so, if you've registered and made a purchase on Panera Bread's website, keep an eye on your credit card statements for any foul play.

Panera Bread's website is down. Let me explain why...

A simple text page on the website of Panera revealed first and last names, physical addresses, email addresses, date of birth, telephone numbers, and the final four digits of customers' credit and debit card numbers. Panera confirmed the problem, saying it affected only 10,000 of its customers.

Eight months roll by - all the while, Houlihan's checking every month to see if the security hole has been fixed - and nothing happens.

News of Panera's data leak follows a security breach that exposed the email addresses, user names, and passwords of 150 million users of MyFitnessPal, a fitness-tracking app owned by Under Armour.

Panera Bread's website was briefly taken offline yesterday after being contacted by KrebsOnSecurity.

Krebs, no doubt, assumed that the problem was being resolved.

Panera Bread knows how to make a delicious sandwich, that is something we can confidentially say (The Italian is this editor's go-to item on the menu).

That figure prompted challenged by independent security reporter Brian Krebs, who put the number initially at 7 million and subsequently revised his estimate to 37 million.

Related News:

Most liked

EPA chief secretly gave huge raises to longtime aides
The White House has launched a formal inquiry into Pruitt's living situation when he first moved to Washington, D.C., last year. Democrats have asked the EPA Inspector General to look into the agreement, which has put Pruitt in the unwelcome spotlight.

Liverpool's Van Dijk relishing Man City test
Leroy Sane scored with a scorching volley, before Gabriel Jesus and Raheem Sterling both got in on the act for the visitors. I never like a manager [to] think 'what is a bad result?' I focus on the performance, on what we have to do.

Loyola Chicago, the team NCAA basketball did not deserve, exits stage right
Included in that was a 4-for-5 night from beyond the arc, and in total seven Villanova players made at least one three-pointer. For a while it looked like the MI basketball team would be the next victim of Loyola-Chicago's surprise NCAA Tournament run.

Ashok Gehlot replaces Janardan Dwivedi as AICC general secretary
Gandhi also appointed former Union Minister Jitendra Singh as the new All India Congress Committee (AICC) in-charge of Odisha. Congress on Friday chose to remove senior leader Ashok Gehlot as general secretary in-charge for the state of Gujarat.