Panera Bread's website involved in a data leak

Panera Bread's website leaked customer records for 8 months, report says

"There is a security vulnerability on the delivery.panerabread.com website that exposes sensitive information belonging to every customer who has signed up for an account to order Panera Bread online", Houlihan wrote in August of the previous year.

Houlihan, tired of being ignored by Panera's security team, posted about Panera's unpalatable security on Medium, alongside screenshots of email correspondence with Panera Bread's information security director, Mike Gustavison. The previous year, meanwhile, the credit agency Equifax revealed that hackers had stolen some of its customers' personal data, affecting almost 140 million people in total.

The formatting, which uses incremental unique identifiers, makes the data easy to scrape.
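Sequential identifiers also leave a recognizable trace in server logs when someone walks them in order. The sketch below is an example added here, not code from the article, Panera or KrebsOnSecurity; the log layout, the `/api/customer/<id>` path and the threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed access-log lines. The /api/customer/<id> path and the log layout
# are hypothetical stand-ins, not Panera's real endpoint or log format.
SAMPLE_LOG = """\
203.0.113.7 GET /api/customer/1001 200
203.0.113.7 GET /api/customer/1002 200
198.51.100.20 GET /api/customer/48213 200
203.0.113.7 GET /api/customer/1003 200
203.0.113.7 GET /api/customer/1004 200
192.0.2.55 GET /api/customer/5000 200
203.0.113.7 GET /api/customer/1005 200
198.51.100.20 GET /api/customer/48213 200
192.0.2.55 GET /api/customer/5002 200
203.0.113.7 GET /api/customer/1006 200
192.0.2.55 GET /api/customer/5001 404
"""

LINE_RE = re.compile(r"^(\S+) GET /api/customer/(\d+) (\d{3})$")


def longest_sequential_run(ids):
    """Longest streak of consecutive requests where each ID is the previous + 1."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def find_enumerators(log_text, min_run=5):
    """Map client IP -> longest sequential run, for clients at or above min_run."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(3) == "200":  # only records actually returned
            per_client[m.group(1)].append(int(m.group(2)))
    runs = {ip: longest_sequential_run(ids) for ip, ids in per_client.items()}
    return {ip: n for ip, n in runs.items() if n >= min_run}


if __name__ == "__main__":
    for ip, n in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip}: {n} customer records fetched in ID order")
```

A check like this only shows that records were walked in order; it does not replace an authorization check on each record request.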

If you visit Panera Bread's website today, you won't find the usual collection of sandwiches, soups, salads, and sausage rolls.

Panera Bread's website has leaked millions of customer records, KrebsOnSecurity reports.

But Houlihan said the flaw "never disappeared". However, the company had no comment as to why it allowed the problem to exist for months after it acknowledged it was an issue last August.

"Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved", Panera Bread said.

And so, eight months later and frustrated by the lack of response, he informed security blogger Brian Krebs, who publicly revealed that millions of customer records were at risk.

"The format of the database also lets anyone search for customers via a variety of data points, including by phone numbers," Krebs added.

"Despite an explicit acknowledgement of the issue and a promise to fix it, Panera Bread sat on the vulnerability and, as far as I can tell, did nothing about it for eight months", Houlihan wrote. KrebsOnSecurity said the incremental customer numbers indexed by the site suggest that the number may be higher than 7 million, and it's also uncertain whether Panera customer account passwords may have been impacted.

Panera claimed that fewer than 10,000 consumers had potentially been affected by the breach and stated that the issue had since been resolved.
