"The criminals' claims, seen by The Register and also shared on Daily Dark Web, allege that they stole more than 14 million records from casual bakery-cafe chain Panera Bread, including names, email and home addresses, phone numbers and account details totaling 760 MB of compressed data. They allegedly stole similar types of personally identifiable information (PII) from used-car-buying platform CarMax (over 500,000 records totaling 1.7 GB compressed), and vehicle-review site Edmunds ("millions" of records totaling 12 GB compressed)."
"ShinyHunters told us that it gained access to Panera via a Microsoft Entra single-sign-on (SSO) code, while the CarMax and Edmunds breaches were from earlier, unrelated intrusions. Scattered Lapsus$ Hunters, which has ties to ShinyHunters, posted CarMax on its now-defunct data-leak site in the fall, and at the time said it was among the dozens of companies' Salesforce environments it had compromised. Last week, Okta warned about cybercriminals stealing Okta, Microsoft, and Google SSO codes in a new rash of voice-phishing campaigns."
ShinyHunters claims to have stolen more than 14 million Panera Bread records, including names, emails, home addresses, phone numbers and account details (760 MB compressed). The gang also claims to have exfiltrated over 500,000 CarMax records (1.7 GB compressed) and millions of Edmunds records (12 GB compressed). ShinyHunters says it accessed Panera via a Microsoft Entra SSO code, while the CarMax and Edmunds incidents stem from earlier, unrelated intrusions. Scattered Lapsus$ Hunters, tied to ShinyHunters, previously posted CarMax data and claimed compromises of Salesforce environments. Okta warned about voice-phishing campaigns stealing SSO codes. ShinyHunters earlier posted Crunchbase, SoundCloud, and Betterment leaks totalling over 50 million records.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]