Panera Bread breach affected 5.1 Million accounts, HIBP Confirms
The Panera Bread data breach affected 5.1 million accounts, far fewer than the 14 million initially reported. The attackers used a Microsoft Entra SSO code to break into the company's systems and published the data after a failed extortion attempt. The leak includes user contact information such as email addresses, names, phone numbers and addresses.

2026-2-2 20:42:20 Author: securityaffairs.com

Pierluigi Paganini February 02, 2026

Have I Been Pwned says Panera Bread’s breach affected 5.1 million accounts, far fewer than the 14 million customers first reported.

Have I Been Pwned followed claims by the ShinyHunters gang, which said it stole data from over 14 million Panera Bread accounts. After Panera refused to pay, the group leaked a 760MB archive on its data leak site. ShinyHunters said it accessed Panera’s systems using a Microsoft Entra SSO code as part of a broader vishing campaign targeting SSO accounts at major identity providers across more than 100 organizations.

“In January 2026, Panera Bread suffered a data breach that exposed 14M records. After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses,” reported HIBP. “Panera Bread subsequently confirmed that ‘the data involved is contact information’ and that authorities were notified.”

BleepingComputer confirmed that roughly 5,120,000 accounts were impacted, adding that the number of affected users may be lower since individuals may have used more than one account.

Panera has confirmed the breach to authorities, saying the exposed data was contact information, but has not yet issued public notifications.

Panera Bread is a U.S.-based bakery-café chain known for bread, sandwiches, soups, salads, and coffee. Founded in 1987, it operates thousands of locations and focuses on fast-casual dining with dine-in, takeout, and delivery options.

In April 2018, the popular journalist and cyber investigator Brian Krebs revealed that Panera Bread’s website leaked millions of customer records, including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number, for at least eight months before it was taken offline.

Panera Bread exposed the data for at least eight months after the company was first notified of the data leak.

The company also exposed customers’ Panera loyalty card numbers, which could be used by scammers to spend prepaid accounts or to steal value from Panera customer loyalty accounts.

The disconcerting aspect of the story is that the issue was first reported to Panera Bread by the security researcher Dylan Houlihan on August 2, 2017.

The experts reported that the IT staff initially did not acknowledge the flaw, but after further investigation, the director of information technology, Mike Gustavison, told the expert that the issue was fixed.

Houlihan verified that the issue was not fixed and on April 2nd, 2018, reported it to Brian Krebs.

Panera told Fox Business that the data leak affected only about 10,000 records, but experts at Hold Security estimated that the number of affected accounts is approximately 37 million.





Article source: https://securityaffairs.com/187556/data-breach/panera-bread-breach-affected-5-1-million-accounts-hibp-confirms.html