Panera Bread left millions of customer records exposed on the web

There's no evidence of intrusion, but it was still a serious oversight.
Jon Fingas, @jonfingas
April 2, 2018
Victor J. Blue/Bloomberg via Getty Images

Add another big-name brand to the list of those who've left customer data exposed online. Thanks to security researcher Dylan Houlihan, KrebsOnSecurity has discovered that Panera Bread left millions of customer sign-up records (possibly 37 million) in plain text on its website, including email addresses, home addresses, phone numbers and loyalty account numbers. There was no payment info, thankfully, but it would have been patently easy for evildoers to harvest that information and use it as part of identity fraud or spam campaigns.

Crucially, Panera Bread didn't appear to be responsive. Houlihan notified the company about the problem in August 2017 and got a response promising that its team was "working on a resolution," but it didn't take down the info until KrebsOnSecurity got involved -- twice. In a statement, Panera Bread said it was still investigating the vulnerability but indicated that there was "no evidence" of either payment info or anyone accessing a "large number" of the accounts.

As such, you're probably not at risk if you signed up for a Panera Bread website account. However, this underscores a recurring problem with internet security: numerous companies have failed to encrypt data or otherwise abide by basic security policies. Although there's no guarantee that locking down data will prevent breaches, it beats welcoming thieves with open arms.
