【Friend’s Mothers 4】

Here's your daily reminder there's no such thing as true security.

Panera Bread,Friend’s Mothers 4 the beloved St. Louis-based bakery chain, is the latest company to show how much it doesn't care about protecting customer data.

SEE ALSO: Hackers steal credit card data from 5 million Saks and Lord & Taylor customers

The food chain's website reportedly left its customers' personal data completely exposed for anyone to scoop up.

Data including "names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number" were leaked online according to cybersecurity expert Brian Krebs, who helped publicize the news.

Security professional Dylan Houlihan first discovered Panera Bread's website was leaking customer data (including his own) in easily readable plain text in August 2017.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

After a series of emails and false accusations claiming he was a scammer or was interested in a bounty, Mike Gustavison, Panera Bread’s Information Security Director, finally responded and said they were working on a resolution.

Eight months roll by — all the while, Houlihan's checking every month to see if the security hole has been fixed — and nothing happens. Houlihan decides enough is enough and forces Panera Bread's hand by getting Krebs to publicize the flaw in hopes of forcing the company to expedite a fix.

It's believed millions of users' data could have been exposed. Panera Bread, however, has downplayed the severity of the data leak, telling Fox News "only 10,000 customer records were exposed."

Panera Bread then said the company had fixed the security flaw, but Krebs discovered it wasn't in fact patched:

Almost in an instant, multiple sources — especially @holdsecurity — pointed out that Panera had basically “fixed” the problem by requiring people to log in to a valid user account at panerabread.com in order to view the exposed customer records (as opposed to letting just anyone with the right link access the records).

@onsecurity now believes up to 37 million customer records may have been affected.

At the time of publishing, Panera Bread's website remains down.

Original image has been replaced. Credit: Mashable

We've reached out to Panera Bread for comment on why it ignored Houlihan's warnings and failed to fix the flaw for eight months. We will update this article if and when we hear back.

---

Featured Video For You

---

Here's 5 tips for Spring cleaning your digital footprint

---

Topics Cybersecurity

• Shopping
• Social Good
• Tech
• Deals
• Games
• Science
• Digital Culture
• Life

• Best grocery deal: Spend $20 and get $5 off at Amazon
• The Ashbery Files
• New Year's traditions, like eating 12 grapes, are trending on TikTok.
• The Ashbery Files
• Get the official Atari 7800+ Console for 50% off
• The Ashbery Files
• Finding Home After the Vietnam War by Zachary Watterson
• 4' 33": On Listening to the Silence
• Bargaining For the Common Good
• A guide to thirst commenting in 2022

• Cooking with Iris Murdoch by Valerie Stivers
• Poetry Rx: Your Body Will Haunt Mine by Claire Schwartz
• How Jean Toomer Rejected the Black
• The Truth About AI: A Secular Ghost Story by Zachary Mason
• Mothers as Makers of Death
• Poetry Rx: You Are a Threat Loving Yourself by Sarah Kay
• The Desire to Unlearn by Chigozie Obioma
• Tove Jansson’s “The Island” by Tove Jansson
• Poetry Rx: This Was Once a Love Poem by Kaveh Akbar
• Notes Nearing Ninety: Learning to Write Less

• Amazon Big Spring Sale 2025: Save $170 on Dyson Hot+Cool
• Michael Friedman’s Unwritten Columns
• 2023 predictions and Stanley Tucci: The 11 best tweets from the last week of 2022
• How the Unflappable Fred Astaire Survived the Fifties
• Astronomers saw one galaxy impale another. The damage was an eye
• 'The Crown' Season 6 review: Netflix's series faces Princess Diana's death
• How to watch PSU vs. Rutgers football without cable: kickoff time, streaming deals, and more
• Best deals of the day Jan. 5: Theragun Pro massage gun, 65
• Testing Windows 10 Performance Before and After the Meltdown Flaw Emergency Patch
• On the Pleasures of Front Matter

• Turtle Beach Recon 50P gaming headset deal: 28% off
• ‘Neil the Horse’ Rides Again
• How to watch LSU vs. Georgia State football livestreams: kickoff time, streaming deals, and more
• Apple is adopting RCS support for iPhone, but what does this mean for green bubbles?
• The EPA axed its climate change websites, but NASA's are still intact
• Parents sue Roblox over alleged failures to protect children from explicit content
• Best Echo Dot deal: Score the Amazon Echo Dot for under $23
• On the Pleasures of Front Matter
• Elon Musk says Mars ship could make first flights in 2019
• 'Rustin' review: An awful film with a tremendous lead performance