Key Points
- Hackers have leaked data from over 5 million Panera Bread customers.
- The ShinyHunters group claims responsibility for the breach, which involved a compromised SSO code.
- Data includes emails, names, addresses, and phone numbers.
Massive Data Leak Hits Panera Bread
Panera Bread has become the latest victim of a significant data breach, with hackers releasing information on over 5.1 million customers online. The breach was executed by the notorious ShinyHunters group, which compromised a Microsoft Entra single-sign-on (SSO) code and attempted to extort the popular US bakery-cafe chain.
The attack aligns with ShinyHunters’ recent strategies involving voice phishing (vishing) and exploiting SSO authentication to infiltrate cloud-based software-as-a-service (SaaS) platforms. This breach highlights the growing trend of cyberattacks targeting SSO vulnerabilities.
Details of the Breach
Last week, the hackers published a 760GB archive on their Tor-based leak site, allegedly containing sensitive customer information obtained from Panera Bread. According to the breach notification site Have I Been Pwned, the data was exposed after extortion attempts failed.
The leaked archive reportedly includes 5.1 million unique email addresses, along with potentially accompanying names, addresses, and phone numbers. This development poses a significant risk of credential stuffing, phishing, and identity-based attacks for the affected customers.
Security Concerns and Industry Impact
While Panera Bread has confirmed the security breach, it has yet to provide detailed responses regarding the incident. However, company representatives have acknowledged the theft of contact information.
Ensar Seker, CISO at SOCRadar, emphasized that the compromised accounts present a substantial risk beyond Panera itself, potentially leading to further cyberattacks. ShinyHunters has been increasingly active, with reports suggesting plans to target over 100 organizations across various sectors.
The hackers’ methods focus on using vishing to acquire SSO codes, bypass multi-factor authentication (MFA), and access victims’ SaaS environments. This tactic circumvents traditional security measures, making SSO misconfigurations and employees’ susceptibility to social engineering prime targets for attackers.
Conclusion
The Panera Bread data breach underscores the critical need for organizations to bolster their cybersecurity defenses, particularly regarding SSO and MFA protections. As cyber threats become more sophisticated, companies must remain vigilant and proactive in safeguarding customer data and preventing future attacks.
