- Seth Abramson’s epic Mueller thread finally comes to a conclusion 1 Year Ago
- Netflix is testing out a random play feature 1 Year Ago
- Teen star Danielle Cohn faked pregnancy for YouTube prank 1 Year Ago
- How to watch ‘A Discovery of Witches’ for free 1 Year Ago
- Rev up your own family rivalries with these ‘Game of Thrones’ board games Today 10:29 AM
- Mueller’s ‘harm to ongoing matter’ is the best way to stay silent about your life Today 10:21 AM
- 10 Korean skincare brands that are worth your money Today 10:00 AM
- 20 unique Mother’s Day gifts for the cool moms Today 9:45 AM
- Ancestry.com ad tries to sell slavery as romance—not rape Today 9:44 AM
- The 9 best Satanic movies on Shudder Today 9:22 AM
- Twitch streamer banned after accidentally revealing racist chats Today 9:21 AM
- This video captures 15 years of meme trends in 10 minutes Today 8:57 AM
- Trump calls parts of Mueller Report ‘total bullshit’ in unfinished tweetstorm Today 8:24 AM
- Amid ‘Avengers’ hype, ‘Spider-Man: Far From Home’ bumps up release date Today 7:57 AM
- Netflix’s ‘Someone Great’ is a coming-of-age rom-com for twenty-somethings Today 7:03 AM
Mike Mozart/Flickr (CC-BY)
A security flaw in Panera Bread’s website has left “millions” of customers’ information vulnerable to “anyone who knew where to look” for at least eight months, according to CNET.
The exposed data includes customer names, email addresses, birthdays, the last four digits of payment cards, phone numbers, and physical addresses, reports cybersecurity writer Brian Krebs. Panera loyalty card numbers, which could potentially be abused by scammers, were also exposed.
“The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via panerabread.com,” Krebs said.
Another security researcher notified Panera of the website vulnerability in August 2017, but the restaurant chain didn’t address the issue until Monday. Panera confirmed the problem, saying it affected only 10,000 of its customers.
“Panera takes data security very seriously and this issue is resolved,” said John Meister, Panera’s chief information officer. “Following reports today of a potential problem on our website, we suspended the functionality to repair the issue. Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved.”
But Krebs writes the company has only “fixed” the vulnerability “by requiring people to log in to a valid user account at panerabread.com in order to view the exposed customer records.” The data breach may also affect customers of other catering companies that fall under Panera’s commercial division.
“At last count, the number of customer records exposed in this breach appears to exceed 37 million,” Krebs said.
Kris Seavers is the Evening Editor for the Daily Dot, where she covers breaking news, politics, and LGBTQ issues. Her work has appeared in Central Texas publications, including Austin Monthly and San Antonio Magazine, and on NPR.