Panera Bread May Have Leaked Customer Data For MONTHS….. Jinkies!

Panera Bread may have leaked at least eight months of online customer orders before the site was taken down today, according to KrebsOnSecurity. The leaked data contains names, birthdays, email addresses, home addresses and the last four digits of credit card numbers belonging to millions of customers who bought food online through panerabread.com.

What’s worse is that the company was warned about this leakage last August:

KrebsOnSecurity learned about the breach earlier today after being contacted by security researcher Dylan Houlihan, who said he initially notified Panera about customer data leaking from its Web site back on August 2, 2017.

A long message thread that Houlihan shared between himself and Panera indicates that Mike Gustavison, Panera’s director of information security, initially dismissed Houlihan’s report as a likely scam. A week later, however, those messages suggest that the company had validated Houlihan’s findings and was working on a fix.

Fast forward to early this afternoon — exactly eight months to the day after Houlihan first reported the problem — and data shared by Houlihan indicated the site was still leaking customer records in plain text. Worse still, the records could be indexed and crawled by automated tools with very little effort.

Wow. Panera Bread really dropped the ball on this one. Either that or they really didn’t care about the security of user data. The cynic in me is voting for the latter. It’s bad enough when a company gets pwned by hackers. But when you’re as insecure as this, it’s inexcusable. Here’s what’s even more inexcusable. When Brian Krebs, who runs KrebsOnSecurity, reached out to Panera for comment on this, they appear to have quickly yanked the website offline to fix the issue, which implies they could have fixed this months ago when it was first raised with them.

#Fail

The take-home message is this: Panera Bread doesn’t take the security of your information seriously. Keep that in mind the next time you want to grab a snack or order lunch for your company.
