Panera Bread reportedly hit by worrying data breach that sees 14 million records exposed - here's what we know
  • ShinyHunters stole 14 million Panera Bread customer records via Entra SSO breach
  • Attack linked to Okta-targeted voice phishing campaigns affecting multiple companies
  • Group exfiltrates data without encryption, demanding payment for stolen information

Panera Bread has reportedly suffered a data breach at the hands of the infamous ShinyHunters hackers, with millions of records affecting countless customers stolen in the attack.

ShinyHunters added Panera Bread, CarMax, and Edmunds to its data leak site. For Panera Bread, 14 million records were nabbed, which included people’s names, email addresses, postal addresses, as well as phone numbers and account details. In total, 760 MB of compressed data was exfiltrated from the systems.

Speaking to The Register, ShinyHunters said they broke into Panera via Microsoft Entra single sign-on (SSO). If that is true, then this incident is likely tied to Okta’s warning from last week, when the company said it saw cybercriminals targeting Okta, Microsoft, and Google SSO codes through a sophisticated voice phishing campaign.

Voice phishing Okta codes

Furthermore, if that really is the case, then Panera Bread, which has thousands of locations around the US and Canada, can be added to a growing list of victims who lost their data this way: Crunchbase and Betterment. ShinyHunters said both of these were breached by voice phishing Okta codes.

So far, none of the victims has spoken publicly about the incidents. Betterment was the only one that confirmed the breach, saying its employees fell for a social engineering attack on January 9:

"The unauthorized access involved third-party software platforms that Betterment uses to support our marketing and operations," the company said.

"Once they gained access, the unauthorized individual was able to send a fraudulent, crypto-related message that appeared to come from Betterment to a subset of our customers."

ShinyHunters is one of the most active ransomware groups at this time, and one of the first to have stopped using an encryptor entirely. Instead of encrypting victim systems, it simply exfiltrates data and demands payment for it. This approach is easier and cheaper to execute, yet pays equally well.

Source: TechRadar