Panerabread.com, the website of an American chain of bakery-café fast casual restaurants in the United States and Canada, leaked millions of customer records, including names, email and physical addresses, birthdays and the last four digits of customers' credit card numbers.
According to security researcher Brian Krebs, the data were available in plain text on the Panerabread.com website for at least 8 months before it went offline on April 2nd, 2018.
Researchers also said that they learned about the breach after being notified by security researcher Dylan Houlihan, who said he initially informed Panera about the breach on August 2, 2017.
At first the company dismissed the report as a scam, but it later responded with a message saying it was working on a fix for the issue, Houlihan said.
The company took the website offline after KrebsOnSecurity reported the breach, and the site was back online after two hours.
“Panera takes data security very seriously, and this issue is resolved. Following reports today of a potential problem on our website, we suspended the functionality to repair the issue,” the company said in a statement.
Alex Holden, chief information security officer at Hold Security, said that the fix the company applied mitigated the immediate issue with exposure, but that the website was still vulnerable.
“I believe that the fix applied last night mitigated the immediate issue with exposure. However, looking at my personal setting account on Panera site, I noticed a number of serious vulnerabilities and exposures that are unbecoming to a site like Panera’s and the data it is set to protect.”
Holden also disagreed with the claim the company gave to Fox News that records of fewer than 10,000 Panera customers were exposed in this breach.
According to Holden, “the flaws stretched to various parts of the company’s portals including anyone registered with its loyalty program and anyone who ordered delivery or catering. After crunching the numbers, he said exposure is more likely in the millions — possibly as high as 41 million, rather than 10,000 as stated by Panera.”