Panera Bread Accidentally Leaked Millions Of Customers’ Info For 8 Months

Screenshot by Dylan Houlihan

Panera Bread had millions of customers’ credit card numbers, birthdays, email addresses, and home addresses out in the open for 8 months, according to Krebs on Security.

Apparently, in plain text, any customer who had ever signed up for an account on the Panera Bread site, had their personal information, down to their food preferences, visible directly on the site.

The problem was initially brought to Panera’s attention by security researcher Dylan Houlihan, whose information was also leaked on the Panera site. This was back in August, 2017, as Houlihan posted his story to Medium, showing screen shots of his conversation with Panera’s Information Security Director Mike Gustavison. Gustavison said they’d take care of it, and 8 months later, as Houlihan kept tabs on the Panera site, nothing had been done.

That is when Brian Krebs of Krebs On Security brought it to Panera’s attention, Monday. Krebs is one of the most credible sources for data breaches such as this, and Panera acknowledged him as well. Panera said the issue was taken care of, but two hours later, the information was still publicly visible.

That’s two different people, two separate acknowledgments, and two promises that it’d be resolved, but nothing was done — for eight freaking months.

That’s when Krebs really pressed Panera on Twitter, vociferously calling them out for telling Fox News that only about 10 thousand customers were affected, downplaying the number. In reality, Krebs believes that more than 7 million people could have been affected, although official numbers have not been publicly released yet.

Basically, Panera’s security team didn’t give a shit about the leak until they were publicly under fire. Millions of customers had sensitive information flapping in the breeze, and for some unknown reason, Panera did nothing to protect them.

If you click on the links now, they are dead, and no longer show the information. Krebs said there is no evidence of it being a problem, but we are still waiting on Panera to respond and assure everyone that it has finally been resolved.


Square Order App Lets You Ditch the Coffee Shop Line


If you’ve ever waited in a line at Starbucks, with the pressure of being late to work hovering in the back of your mind, you’ll definitely appreciate this news.

According to Engadget, the Square Order app now offers a service where you can put in your coffee order ahead of time through your phone, and simply walk in to pick it up. No lines.

Once you put in your order, using the location settings on your phone, the barista gets notified when you’re getting closer to the coffee shop, and they can get started on your drink so it’s ready when you arrive.

The payment is automatically processed through the app, so you can just walk into the shop, grab your drink and get the hell out of there in a matter of seconds. Laughing at the suckers in line optional.

The app also saves the specifics of your orders, so if you like your coffee customized a certain way, it’ll save it for a smoother ordering process the next time around.

So far, Blue Bottle is the only cafe teamed up with Square, but it does open the door for other cafes and chains to join in. We’re looking at you, Starbucks.

PicThx Engadget