Mike Mozart/Flickr (CC-BY)
A security flaw in Panera Bread’s website has left “millions” of customers’ information vulnerable to “anyone who knew where to look” for at least eight months, according to CNET.
The exposed data includes customer names, email addresses, birthdays, the last four digits of payment cards, phone numbers, and physical addresses, reports cybersecurity writer Brian Krebs. Panera loyalty card numbers, which could potentially be abused by scammers, were also exposed.
“The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via panerabread.com,” Krebs said.
Another security researcher notified Panera of the website vulnerability in August 2017, but the restaurant chain didn’t address the issue until Monday. Panera confirmed the problem, saying it affected only 10,000 of its customers.
“Panera takes data security very seriously and this issue is resolved,” said John Meister, Panera’s chief information officer. “Following reports today of a potential problem on our website, we suspended the functionality to repair the issue. Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved.”
But Krebs writes the company has only “fixed” the vulnerability “by requiring people to log in to a valid user account at panerabread.com in order to view the exposed customer records.” The data breach may also affect customers of other catering companies that fall under Panera’s commercial division.
“At last count, the number of customer records exposed in this breach appears to exceed 37 million,” Krebs said.
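The login-only "fix" Krebs describes checks who is asking but not whose record is requested. The sketch below is an added example, not code from Panera or from the article; the record store, session tokens, and function names are all constructed for illustration. It puts a login-only gate beside an ownership check.

```python
# Added example: every name and record here is constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Customer:
    customer_id: int
    name: str
    email: str


# Constructed sample records standing in for a customer table.
CUSTOMERS = {
    101: Customer(101, "Alice Example", "alice@example.com"),
    102: Customer(102, "Bob Example", "bob@example.com"),
}

# Constructed session store: session token -> customer_id of the logged-in user.
SESSIONS = {"token-alice": 101, "token-bob": 102}


class Forbidden(Exception):
    """Raised when the caller may not read the requested record."""


def current_user(session_token):
    """Authentication: resolve a token to an account, or refuse."""
    user_id = SESSIONS.get(session_token)
    if user_id is None:
        raise Forbidden("login required")
    return user_id


def get_record_login_only(session_token, requested_id):
    """Login-only gate: any valid account can read any customer's record."""
    current_user(session_token)  # proves who is asking, nothing more
    record = CUSTOMERS.get(requested_id)
    if record is None:
        raise Forbidden("no such record")
    return record


def get_record_owner_only(session_token, requested_id):
    """Object-level authorization: a caller may read only their own record."""
    user_id = current_user(session_token)
    if requested_id != user_id:
        raise Forbidden("record belongs to another customer")
    return CUSTOMERS[requested_id]


def try_read(handler, session_token, requested_id):
    """Return the record's email, or the refusal reason as 'DENIED: ...'."""
    try:
        return handler(session_token, requested_id).email
    except Forbidden as exc:
        return f"DENIED: {exc}"
```

With the login-only handler, the constructed account `token-alice` can read record 102; the ownership check refuses the same request while still serving her own record.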
Kris Seavers is the Evening Editor for the Daily Dot, where she covers breaking news, politics, and LGBTQ issues. Her work has appeared in Central Texas publications, including Austin Monthly and San Antonio Magazine, and on NPR.