Latest in Gear

Image credit:

Panera Bread left millions of customer records exposed on the web

There's no evidence of intrusion, but it was still a serious oversight.
Jon Fingas, @jonfingas
April 2, 2018
2 Shares
Share
Tweet
Share

Sponsored Links

Victor J. Blue/Bloomberg via Getty Images

Add another big-name brand to the list of those who've left customer data exposed online. Thanks to security researcher Dylan Houlihan, KrebsOnSecurity has discovered that Panera Bread left millions of customer sign-up records (possibly 37 million) in plain text on its website, including email addresses, home addresses, phone numbers and loyalty account numbers. There was no payment info, thankfully, but it would have been patently easy for evildoers to harvest that information and use it as part of identity fraud or spam campaigns.

Crucially, Panera Bread didn't appear to be responsive to the problem. Houlihan notified the company about the problem in August 2017 and got a response promising that its team was "working on a resolution," but it didn't take down the info until KrebsOnSecurity got involved -- twice. In a statement, Panera Bread said it was still investigating the vulnerability but indicated that there was "no evidence" of either payment info or anyone accessing a "large number" of the accounts.

As such, you're probably not at risk if you signed up for a Panera Bread website account. However, this underscores a recurring problem with internet security: numerous companies have failed to encrypt data or otherwise abide by basic security policies. Although there's no guarantee that locking down data will prevent breaches, it beats welcoming thieves with open arms.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
2 Shares
Share
Tweet
Share

Popular on Engadget

Facebook inexplicably logs out iPhone users

Facebook inexplicably logs out iPhone users

View
Pixar's 'Soul' was so popular on streaming that it beat 'The Office'

Pixar's 'Soul' was so popular on streaming that it beat 'The Office'

View
Microsoft reverses Xbox Live price hike, will add free multiplayer for some games

Microsoft reverses Xbox Live price hike, will add free multiplayer for some games

View
Put Bernie Sanders almost anywhere with this Google Street View app

Put Bernie Sanders almost anywhere with this Google Street View app

View
Tesla accuses engineer of stealing crucial company software

Tesla accuses engineer of stealing crucial company software

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr