Home Consumer Panera Bread Blew Off Breach Report For 8 Months, Leaked Millions Of...

Panera Bread Blew Off Breach Report For 8 Months, Leaked Millions Of Customer Records

breach
Panera Bread (Image: Mike Mozart of JeepersMedia/Flickr)

Panera Bread’s website leaked millions of customer records in plain text for at least eight months, which is how long the company blew off the issues reported by security researcher Dylan Houlihan. Houlihan finally turned to Brian Krebs who ran with the story. From there, it turned into a real cluster flub.

Houlihan shared copies of email exchanges with Panera Bread CIO John Meister – who at first accused Houlihan of trying to run a scam when he first reported the security vulnerability back in August 2017.

According to Houlihan’s post on Medium, as well as one on Pastebin, the Panerabread.com website had an “unauthenticated API endpoint that allows anyone to access the following information about anyone who has ever signed up for an account to order food from Panera Bread: username, first and last name, email address, phone number, birthday, last four digits of saved credit card number, saved home address, social account integration information, saved user food preferences and dietary restrictions.”

[vc_btn title=”Continue reading” style=”outline” color=”black” link=”url:https%3A%2F%2Fwww.csoonline.com%2Farticle%2F3268025%2Fsecurity%2Fpanera-bread-blew-off-breach-report-for-8-months-leaked-millions-of-customer-records.html||target:%20_blank|”][vc_message message_box_style=”outline” message_box_color=”black”]CSOOnlineexcerpt posted on SouthFloridaReporter.com, April 4, 2018 [/vc_message]

Disclaimer

The information contained in South Florida Reporter is for general information purposes only.
The South Florida Reporter assumes no responsibility for errors or omissions in the contents of the Service.
In no event shall the South Florida Reporter be liable for any special, direct, indirect, consequential, or incidental damages or any damages whatsoever, whether in an action of contract, negligence or other tort, arising out of or in connection with the use of the Service or the contents of the Service. The Company reserves the right to make additions, deletions, or modifications to the contents of the Service at any time without prior notice.
The Company does not warrant that the Service is free of viruses or other harmful components