Telling researchers and white hat hackers to fuck off is certainly a good decision, right? We should ask VEVO about it. Anyways, mockery aside, that’s exactly what happened when Panera Bread was warned about a security flaw they had.
The company failed to fix the issue, and this week it suffered a data breach, with 37 million customer records exposed for the world to see. Panera Bread tried to save face by saying that fewer than 10,000 customers were affected.
However, the security reporter Brian Krebs and the security researcher who notified Panera of the breach last year disputed that account. Both of them said that these records could be easily accessed as public URLs after Panera said the flaw was fixed.
As for the leaked data, it included things such as customers' names, email addresses, phone numbers, birthdays, the last four digits of credit card numbers, home addresses, social account integration information and even saved food preferences.
So, why didn’t Panera react to this clear warning of a security flaw? Because they thought that the entire thing was a scam. I mean, this company is run by an ex-EQUIFAX employee, so who is even surprised right now?
Dylan Houlihan notified Panera about the data leak on August 2, 2017, telling the company that its delivery website “exposes sensitive information belonging to every customer who has signed up for an account to order Panera Bread online.”
Panera ignored these warnings, claiming that Houlihan was “trying to do a sales pitch”, which doesn’t even make sense, as we do have the e-mail screenshots and they only show actual warnings about the security flaw this company had.
It’s certainly not going to look good for Panera Bread, as a lot of people are beginning to take cybersecurity more seriously than ever before. Maybe admitting to your mistakes and learning how to tackle these issues in the future is the way to go, don’t you think?