CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Data Breaches

Hackers Leak 5.1 Million Panera Bread Records

ShinyHunters has claimed the theft of 14 million records from the US bakery-cafe chain’s systems. The post Hackers Leak 5.1 Million Panera Bread Records appeared first on SecurityWeek.

Panera Bread data breach

Data allegedly pertaining to over 5 million Panera Bread customers has emerged online after hackers failed to extort the US bakery-cafe chain.

The ShinyHunters extortion group has claimed the theft of roughly 14 million records from Panera Bread, after compromising a Microsoft Entra single-sign-on (SSO) code.

The attack falls in line with recent ShinyHunters attacks that rely on voice phishing (vishing) and SSO authentication to access victim organizations’ cloud-based software-as-a-service (SaaS) environments.

Last week, ShinyHunters published on its Tor-based leak site a 760GB archive allegedly containing the sensitive information stolen from Panera Bread.

According to the data breach notification site Have I Been Pwned, the data was leaked after the hackers failed to extort the food chain.

The archive includes 5.1 million unique email addresses and likely impacts as many Panera customers. Associated information such as names, addresses and phone numbers was also present in the leak.

While it has not responded to a SecurityWeek inquiry on the incident, Panera Bread has confirmed the intrusion, telling Reuters that the hackers stole “contact information”.

“From a defender’s perspective, 5.1 million compromised accounts still represents a massive downstream risk for credential stuffing, phishing, and identity-based attacks well beyond Panera itself,” SOCRadar CISO Ensar Seker said.

ShinyHunters-branded extortion attacks have been escalating recently, with recent reports suggesting the group was setting up to hit over 100 organizations across multiple sectors. Betterment, Crunchbase, and SoundCloud have confirmed the intrusions.

Panera data leak

The hackers do not target vulnerabilities but instead rely on vishing to obtain SSO codes, bypass MFA, and access the victims’ SaaS environments for data theft and extortion.

“Vishing-driven SSO compromise bypasses many traditional security controls because authentication flows are trusted by design. If identity becomes the new perimeter, then SSO misconfiguration, MFA fatigue, and help-desk social engineering are now tier-one attack vectors,” Seker said.

Related: Under Armour Looking Into Data Breach Affecting Customers’ Email Addresses

Related: 750,000 Impacted by Data Breach at Canadian Investment Watchdog

Related: Traveler Information Stolen in Eurail Data Breach

Related: After Goldman, JPMorgan Discloses Law Firm Data Breach

Latest News

CYBERNEWSMEDIAPublisher