Have I Been Pwned reports that the Panera Bread data breach exposed 5.1 million unique email addresses and associated account information, not the 14 million customers previously reported. The data was published by the ShinyHunters extortion group after an alleged Microsoft Entra SSO vishing attack and leaked roughly 760 MB of files, with related intrusions also impacting Match Group and SoundCloud. #ShinyHunters #PaneraBread
Keypoints
- Have I Been Pwned counts 5.1 million unique email addresses affected in the Panera Bread breach.
- ShinyHunters claimed 14 million records were stolen and published about 760 MB of leaked documents.
- The attackers allegedly used a Microsoft Entra SSO vishing campaign targeting SSO accounts at Okta, Microsoft, and Google.
- BleepingComputer found roughly 5,120,000 unique user accounts and over 26,000 panerabread.com employee emails in the leaked data.
- ShinyHunters also targeted Match Group and SoundCloud; Panera has notified authorities but has not issued public breach notifications yet.