Brian Krebs writes in his blog that Panerabread.com has been collecting and publishing millions of customer records.
Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records — including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number — for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned.
[...] Fast forward to early this afternoon — exactly eight months to the day after Houlihan first reported the problem — and data shared by Houlihan indicated the site was still leaking customer records in plain text. Worse still, the records could be indexed and crawled by automated tools with very little effort.
Initially reported as a leak, the records have been freely available online via the company web site for at least eight months.
(Score: 2) by Phoenix666 on Wednesday April 04 2018, @02:36PM (1 child)
Throwaway IDs are too much work. Just say no to datamining. If they really want our dollars, they'll stop asking. Otherwise in most cases nobody *needs* their goods or services. Go to a competitor, DIY, or do without.
We have to push back or we'll sleepwalk our way into one of those dystopian futures portrayed in depressing 70's or 80's sci-fi movies.
Washington DC delenda est.
(Score: 2) by Osamabobama on Wednesday April 04 2018, @07:57PM
Realistically, they can get all the data they need based on your credit card number. It probably takes a bit of extra effort to correlate your credit card with your debit card, if you aren't consistent about payment methods; that's where a phone number can come in handy.
Appended to the end of comments you post. Max: 120 chars.