- No, that guy didn’t really fly alone on a Delta flight Saturday 4:31 PM
- Fans are paying to meet their favorite YouTubers online through pilot program Saturday 2:54 PM
- Behold: 12 straight hours of ‘Stranger Things” Alexei drinking a Slurpee Saturday 2:05 PM
- Influencer couple under fire for using holy water to splash genitals in Bali Saturday 1:29 PM
- These are the 10 best villains DC comics has ever conceived Saturday 1:11 PM
- The Daily Wire accused of stealing art design from pop artist for its merchandise Saturday 12:09 PM
- Instagram model Rianne Meijer on keeping it real with her followers Saturday 10:52 AM
- How to stream Chelsea vs. Leicester City Saturday 8:30 AM
- Florida man arrested after allegedly texting girlfriend his mass shooting plans Saturday 8:27 AM
- How to stream Real Madrid vs. Celta Vigo Saturday 8:20 AM
- How to stream Seahawks vs. Vikings in NFL preseason action Saturday 8:00 AM
- How to stream Steelers vs. Chiefs in NFL preseason action Saturday 6:30 AM
- Chuck E. Cheese recycles pizza is the conspiracy theory that won’t die Saturday 6:30 AM
- How to stream Cowboys vs Rams in NFL preseason action Saturday 6:00 AM
- Cómo ver el UFC 241: Daniel Cormier vs. Stipe Miocic Saturday 6:00 AM
A security flaw in Panera Bread’s website has left “millions” of customers’ information vulnerable to “anyone who knew where to look” for at least eight months, according to CNET.
The exposed data includes customer names, email addresses, birthdays, the last four digits of payment cards, phone numbers, and physical addresses, reports cybersecurity writer Brian Krebs. Panera loyalty card numbers, which could potentially be abused by scammers, were also exposed.
“The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via panerabread.com,” Krebs said.
Another security researcher notified Panera of the website vulnerability in August 2017, but the restaurant chain didn’t address the issue until Monday. Panera confirmed the problem, saying it affected only 10,000 of its customers.
“Panera takes data security very seriously and this issue is resolved,” said John Meister, Panera’s chief information officer. “Following reports today of a potential problem on our website, we suspended the functionality to repair the issue. Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved.”
But Krebs writes the company has only “fixed” the vulnerability “by requiring people to log in to a valid user account at panerabread.com in order to view the exposed customer records.” The data breach may also affect customers of other catering companies that fall under Panera’s commercial division.
“At last count, the number of customer records exposed in this breach appears to exceed 37 million,” Krebs said.
Kris Seavers is the Evening Editor for the Daily Dot, where she covers breaking news, politics, and LGBTQ issues. Her work has appeared in Central Texas publications, including Austin Monthly and San Antonio Magazine, and on NPR.