- ShinyHunters stole 14 million Panera Bread customer records via Entra SSO breach
- Attack linked to voice phishing campaigns targeted on Okta and affecting several companies
- Group exfiltrates data without encryption, demands payment for stolen information
Panera Bread reportedly suffered a data breach from the infamous ShinyHunters hackers, with millions of records, affecting countless customers stolen in the attack.
ShinyHunters added Panera Bread, CarMax and Edmunds to its data leak site. For the first, 14 million records were intercepted, including people’s names, email addresses, postal addresses, as well as telephone numbers and account details. In total, 760 MB of compressed data was exfiltrated from the systems.
Talk to The registerShinyHunters said they broke into Panera via Microsoft Entra single sign-on (SSO). If true, then this incident is likely linked to Okta’s warning from last week, when the company said it saw cybercriminals targeting Okta, Microsoft and Google SSO codes via a sophisticated voice phishing campaign.
Voice Phishing Okta Codes
Additionally, if this is truly the case, then Panera Bread, which has thousands of locations across the United States and Canada, may be added to a growing list of victims who have lost their data this way: Crunchbase and Betterment. ShinyHunters said both codes were breached by Okta voice phishing codes.
So far, none of the victims have spoken publicly about these incidents. Betterment was the only one to confirm the breach, saying its employees were victims of a social engineering attack on January 9:
“The unauthorized access involved third-party software platforms that Betterment uses to support our marketing and operations,” the company said.
“Once access was gained, the unauthorized individual was able to send a crypto-related fraudulent message that appeared to come from Betterment to a subset of our customers.”
ShinyHunters is one of the most active ransomware groups today, and one of the first to completely stop using an encryptor. Instead of encrypting victims’ systems, it simply exfiltrates the data and demands payment for it. It’s easier and cheaper to run, but just as profitable.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
