Panera Refused to Fix Flaw Leaking Customer Data and Called Researchers Scammers for Reporting It

mlnews

Panera Bread was notified on August 2, 2017 that it's website was leaking customer data including phone numbers, email addresses, home addresses, and other customer attributes, but ignored the email - deciding to neither follow up nor to check their site for leaks. They left the customer data exposed and open and did absolutely nothing to protect it under direction of Security Director Mike Gustavison.

Now, even though it has been public knowledge that 37 million accounts were exposed, Panera continues to attempt to downplay the event by claiming that only 10,000 users are affected - something that they could only know if they were aware and monitoring the breach for a year making the leak intentional.

Panera has stated that they take security very seriously, while at the exact same moment demonstrating that they don't have any clue what security is at all.

travisdh1

Well, Panera, I'm looking for a job, and you seem to need a new Security Director.

momurda

@travisdh1 said in Panera Refused to Fix Flaw Leaking Customer Data and Called Researchers Scammers for Reporting It:

Well, Panera, I'm looking for a job, and you seem to need a new Security Director.

He probably wont get fired.

scottalanmiller

@momurda said in Panera Refused to Fix Flaw Leaking Customer Data and Called Researchers Scammers for Reporting It:

@travisdh1 said in Panera Refused to Fix Flaw Leaking Customer Data and Called Researchers Scammers for Reporting It:

Well, Panera, I'm looking for a job, and you seem to need a new Security Director.

He probably wont get fired.

Almost no chance. Doesn't seem like security is of any priority there.

scottalanmiller

And now you see why I say that the public should know immediately. because this was exposed for a long time and until the public was ready to take action, Panera was never going to do something about it.

travisdh1

@scottalanmiller said in Panera Refused to Fix Flaw Leaking Customer Data and Called Researchers Scammers for Reporting It:

@momurda said in Panera Refused to Fix Flaw Leaking Customer Data and Called Researchers Scammers for Reporting It:

@travisdh1 said in Panera Refused to Fix Flaw Leaking Customer Data and Called Researchers Scammers for Reporting It:

Well, Panera, I'm looking for a job, and you seem to need a new Security Director.

He probably wont get fired.

Almost no chance. Doesn't seem like security is of any priority there.

What security? I've eaten at the local one enough to know.

scottalanmiller

@travisdh1 said in Panera Refused to Fix Flaw Leaking Customer Data and Called Researchers Scammers for Reporting It:

@scottalanmiller said in Panera Refused to Fix Flaw Leaking Customer Data and Called Researchers Scammers for Reporting It:

@momurda said in Panera Refused to Fix Flaw Leaking Customer Data and Called Researchers Scammers for Reporting It:

@travisdh1 said in Panera Refused to Fix Flaw Leaking Customer Data and Called Researchers Scammers for Reporting It:

Well, Panera, I'm looking for a job, and you seem to need a new Security Director.

He probably wont get fired.

Almost no chance. Doesn't seem like security is of any priority there.

What security? I've eaten at the local one enough to know.

Did you steal your soup?

momurda

Did you steal your soup?

The Chicken and Wild Rice is great. Worth paying for even.

scottalanmiller

@momurda said in Panera Refused to Fix Flaw Leaking Customer Data and Called Researchers Scammers for Reporting It:

Did you steal your soup?

The Chicken and Wild Rice is great. Worth paying for even.

Sounds like we've already paid with our data.

travisdh1

Hah! I was just cleaning out my email and found a survey from them. Wonder if they'll actually respond to me.