Panera Bread Data Breach: 5.1 Million Records Exposed

Panera Bread Data Breach: 5.1 Million Records Exposed

Posted on By CWS

Key Points

  • Hackers have leaked data from over 5 million Panera Bread customers.
  • ShinyHunters group claims responsibility for the breach using SSO code compromise.
  • Data includes emails, names, addresses, and phone numbers.

Massive Data Leak Hits Panera Bread

Panera Bread has become the latest victim of a significant data breach, with hackers releasing information on over 5.1 million customers online. The breach was executed by the notorious ShinyHunters group, who attempted to extort the popular US bakery-cafe chain by compromising a Microsoft Entra single-sign-on (SSO) code.

The attack aligns with ShinyHunters’ recent strategies involving voice phishing (vishing) and exploiting SSO authentication to infiltrate cloud-based software-as-a-service (SaaS) platforms. This breach highlights the growing trend of cyberattacks targeting SSO vulnerabilities.

Details of the Breach

Last week, the hackers published a 760GB archive on their Tor-based leak site, allegedly containing sensitive customer information obtained from Panera Bread. According to the breach notification site Have I Been Pwned, the data was exposed after extortion attempts failed.

The leaked archive reportedly includes 5.1 million unique email addresses, along with potentially accompanying names, addresses, and phone numbers. This development poses a significant risk of credential stuffing, phishing, and identity-based attacks for the affected customers.

Security Concerns and Industry Impact

While Panera Bread has confirmed the security breach, they have yet to provide detailed responses regarding the incident. However, company representatives have acknowledged the theft of contact information.

Ensar Seker, CISO at SOCRadar, emphasized that the compromised accounts present a substantial risk beyond Panera itself, potentially leading to further cyberattacks. ShinyHunters has been increasingly active, with reports suggesting plans to target over 100 organizations across various sectors.

The hackers’ methods focus on exploiting vishing to acquire SSO codes, bypass multi-factor authentication (MFA), and access victims’ SaaS environments. This tactic circumvents traditional security measures, making SSO misconfigurations and social engineering prime targets for attackers.

Conclusion

The Panera Bread data breach underscores the critical need for organizations to bolster their cybersecurity defenses, particularly regarding SSO and MFA protections. As cyber threats become more sophisticated, companies must remain vigilant and proactive in safeguarding customer data and preventing future attacks.

Security Week News Tags:, , , , , , , , , , , , , ,

Related Posts

WireTap Attack Breaks Intel SGX Security WireTap Attack Breaks Intel SGX Security Security Week News
Axonius Acquires Medical Device Security Firm Cynerio in 0 Million Deal Axonius Acquires Medical Device Security Firm Cynerio in $100 Million Deal Security Week News
Zast.AI Secures Million for Advanced Code Security Zast.AI Secures $6 Million for Advanced Code Security Security Week News
American Airlines Subsidiary Envoy Air Hit by Oracle Hack American Airlines Subsidiary Envoy Air Hit by Oracle Hack Security Week News
Interpol Targets Infostealers: 20,000 IPs Taken Down, 32 Arrested, 216,000 Victims Notified Interpol Targets Infostealers: 20,000 IPs Taken Down, 32 Arrested, 216,000 Victims Notified Security Week News
Recent SAP S/4HANA Vulnerability Exploited in Attacks Recent SAP S/4HANA Vulnerability Exploited in Attacks Security Week News