Skip to main content

Panera accused security researcher of “scam” when he reported a major flaw

posted onApril 4, 2018
by l33tdawg

Eight months ago, Panera Bread was notified of a security flaw that was leaking customer information to anyone who knew where to look for it. But the company failed to fix the flaw until this week after the breach was made public in a report suggesting that it affected 37 million customer records.

Panera Bread said this week that the leak affected fewer than 10,000 consumers and that it has been fixed. But security reporter Brian Krebs and the security researcher who notified Panera of the breach last year disputed that account. They say that millions of customer records were available online and that they remained available at publicly accessible URLs after Panera said the flaw was fixed. Those URLs appear to have finally been scrubbed of the customer information, as they now produce error messages instead of customer data.

The records "could be indexed and crawled by automated tools with very little effort," Krebs wrote yesterday. Leaked data included Panera customers' loyalty card numbers, "which could potentially be abused by scammers to spend prepaid accounts or to otherwise siphon value from Panera customer-loyalty accounts," he wrote.

Source

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th