An American chain of bakery-cafe fast-casual restaurants, Panera Bread facing a security issue. The cybersecurity experts say millions of customer data was available on a chain restaurants website such as email and physical addresses, last four digits of credit cards, birthdays and so on. Now the breach affected the customers who ordered food on company’s website. The St. Louis-based company has more than 2,100 retail stores in the United States.
The information accessible in plain content from Panera’s webpage seemed to incorporate records for any customer who has agreed to accept a record to arrange nourishment online by means of panerabread.com.
Dylan Houlihan, Security Researcher initially notified the restaurant chain website was leaky on August 2, 2017. The researcher notified that client information for any user who logged in to order food online available in plain text that a hacker could get to it effectively.
The company said, “There is no evidence of payment card information nor many records being accessed or retrieved.” Further, the company added that it has fixed that problem, yet it’s uncleared why it left the data out in the open for eight months.
Dylan Houlihan said, “Panera Bread uses sequential integers for account IDs, which means that if your goal is to gather as much information as you can instead about someone, you can simply increment through the accounts and collect as much as you’d like, up to and including the entire database.”