Brian Krebs writes in his blog that Panerabread.com has been collecting and publishing millions of customer records.
Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records — including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number — for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned.
[...] Fast forward to early this afternoon — exactly eight months to the day after Houlihan first reported the problem — and data shared by Houlihan indicated the site was still leaking customer records in plain text. Worse still, the records could be indexed and crawled by automated tools with very little effort.
Initially reported as a leak, the records have been freely available online via the company web site for at least eight months.
(Score: 2) by Osamabobama on Wednesday April 04 2018, @07:57PM
Realistically, they can get all the data they need based on your credit card number. It probably takes a bit of extra effort to correlate your credit card with your debit card, if you aren't consistent about payment methods; that's where a phone number can come in handy.
Appended to the end of comments you post. Max: 120 chars.