ShinyHunters claims it stole data from over 14 million Panera Bread accounts and leaked a 760MB archive after Panera refused to pay extortion demands. The group said it accessed systems using a Microsoft Entra SSO code obtained through a vishing campaign, and HIBP reported roughly 5.1 million unique email addresses and associated contact information were exposed; Panera confirmed the data were contact details and notified authorities. #PaneraBread #ShinyHunters
Keypoints
- ShinyHunters leaked a 760MB archive after Panera declined to pay extortion demands.
- HIBP reported about 14 million records exposed, including roughly 5.1 million unique email addresses.
- Attackers claimed to use a Microsoft Entra SSO code obtained via a vishing campaign targeting SSO accounts.
- Panera confirmed the exposed information was contact data and said authorities were notified, but public notifications have not yet been issued.
- Panera previously experienced prolonged data exposure incidents, including a major leak reported in 2018 that affected millions of customers.