"The ShinyHunters extortion group has claimed the theft of roughly 14 million records from Panera Bread, after compromising a Microsoft Entra single-sign-on (SSO) code. The attack falls in line with recent ShinyHunters attacks that rely on voice phishing (vishing) and SSO authentication to access victim organizations' cloud-based software-as-a-service (SaaS) environments. Last week, ShinyHunters published on its Tor-based leak site a 760GB archive allegedly containing the sensitive information stolen from Panera Bread."
"According to the data breach notification site Have I Been Pwned, the data was leaked after the hackers failed to extort the food chain. The archive includes 5.1 million unique email addresses and likely impacts as many Panera customers. Associated information such as names, addresses and phone numbers was also present in the leak. While it has not responded to a SecurityWeek inquiry on the incident, Panera Bread has confirmed the intrusion, telling Reuters that the hackers stole "contact information"."
ShinyHunters claimed they stole roughly 14 million records from Panera Bread after compromising a Microsoft Entra single-sign-on (SSO) code. The group published a 760GB archive on a Tor-based leak site that allegedly contains the stolen data. The archive reportedly includes 5.1 million unique email addresses and associated names, addresses, and phone numbers. Have I Been Pwned indicates the leak followed a failed extortion attempt. Panera Bread confirmed the intrusion and said the hackers stole "contact information." The attackers use voice phishing (vishing) to obtain SSO codes, bypass MFA, and access SaaS environments for data theft and extortion.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]