SoylentNews is people

posted by Fnord666 on Tuesday April 03 2018, @11:28PM
from the at-eight-months-it-has-crossed-from-leak-to-publication dept.

Brian Krebs writes in his blog that Panerabread.com has been collecting and publishing millions of customer records.

Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records — including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number — for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned.

[...] Fast forward to early this afternoon — exactly eight months to the day after Houlihan first reported the problem — and data shared by Houlihan indicated the site was still leaking customer records in plain text. Worse still, the records could be indexed and crawled by automated tools with very little effort.

Initially reported as a leak, the records have been freely available online via the company web site for at least eight months.



This discussion has been archived. No new comments can be posted.
  • (Score: 2) by Gaaark on Tuesday April 03 2018, @11:41PM (2 children)

    by Gaaark (41) on Tuesday April 03 2018, @11:41PM (#662251) Journal

    the web site is down.

    Soyled?

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 0) by Anonymous Coward on Wednesday April 04 2018, @01:02AM

      by Anonymous Coward on Wednesday April 04 2018, @01:02AM (#662273)

      Are there even enough Soylentils around to soyle (or is it soyl?) a normal website?

      I think I saw this link posted on HN, and it probably hit the Green Site as well. It's more likely it's simply still hugged to death and/or slashdotted.

    • (Score: 2) by takyon on Wednesday April 04 2018, @01:16AM

      by takyon (881) <takyonNO@SPAMsoylentnews.org> on Wednesday April 04 2018, @01:16AM (#662280) Journal

      Up for me now.

      First thing the page asks for is my location, nice.

      Hopefully any downtime was intentional so that they could fix their bugs.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
  • (Score: 2) by bob_super on Tuesday April 03 2018, @11:47PM (7 children)

    by bob_super (1357) on Tuesday April 03 2018, @11:47PM (#662256)

    Can I get a disposable identity, since everyone is always trying to get all my data in exchange for a $1 rebate, and then leaks it often faster than they can sell it?

    • (Score: 0) by Anonymous Coward on Wednesday April 04 2018, @12:35AM (2 children)

      by Anonymous Coward on Wednesday April 04 2018, @12:35AM (#662268)

      Always use a fake DOB unless they check official documents.
      Ask yourself if it is worth it

      • (Score: 0) by Anonymous Coward on Wednesday April 04 2018, @03:18AM (1 child)

        by Anonymous Coward on Wednesday April 04 2018, @03:18AM (#662320)

        I always use a fake DOB of 01/01/1970.

        • (Score: 0) by Anonymous Coward on Wednesday April 04 2018, @04:59AM

          by Anonymous Coward on Wednesday April 04 2018, @04:59AM (#662351)

          I always use a fake DOB of 01/01/1970.

          For the unwashed masses:

    • (Score: 0) by Anonymous Coward on Wednesday April 04 2018, @01:14AM

      by Anonymous Coward on Wednesday April 04 2018, @01:14AM (#662278)

      Last time I ate at Panera was about a year ago (famous last words...).
      Also, pretty sure I paid in cash. There's your throwaway.

    • (Score: 4, Insightful) by Runaway1956 on Wednesday April 04 2018, @02:38AM (2 children)

      by Runaway1956 (2926) Subscriber Badge on Wednesday April 04 2018, @02:38AM (#662304) Journal

      Well, yes, of course you can get disposable identities. Who checks your ID, anyway? Fill out your frequent fueler, or regular customer card with any damned thing at all. Nothing need be accurate. In some cases, someone might look to see if the names match. Put a name from the other gender on it, tell them it's your wife's or husband's card. Last names don't match? So what, the special other didn't change her name when we married for professional reasons. Or, because she rejects that whole wife-is-property thing. Tell them any damned thing you want, or tell them nothing at all. When they question you, look at them like they are retarded.

      You simply don't have to give them anything.

      The first time I got really pissed at an intrusive sales pitch, was a Pizza Hut. We had a busy day, running kids in twenty different directions, and I decided to get two big pizzas to avoid cooking. The cashier wanted my phone number. I told her she didn't need my phone number. She insisted that she DID need a phone number to complete the sale. We exchanged a few words, and I finally told her to pack those pizzas up her ass. Went down the street and got KFC's biggest bucket to feed the kids. No phone number needed - all that KFC was interested in was the photograph on the legal tender I offered.

      You don't have to give them a damned thing. As a paying customer, you are not even subject to the Geneva Conventions. Give them as much shit as you like, that is where your obligations end.

      • (Score: 4, Interesting) by TheGratefulNet on Wednesday April 04 2018, @03:11AM

        by TheGratefulNet (659) on Wednesday April 04 2018, @03:11AM (#662318)

        the new method is to keep asking and hope the 'customer' doesn't get annoyed or push back. most people just obey commands and feed the data monster.

        I recently switched jobs and for the 'background check' they asked for 7 years of employment info, many things. I've had BG checks done (I'm over 50 and have been working since 20) so I know the routine; you give them the SS # and they go from there. well, not this one; they wanted ME to do all the work. I gave them info about my last job and my high school, that was it.

        I got a phone call and email from that jerk BG company (not the one I am now working for) asking for my TAX FORMS from my last job. FUCK YOU. seriously, fuck you, asshole. WHY do you need my whole tax form to do a background check on a software engineer? my god, man. how stupid is that?

        they hounded me for days and I avoided them. finally, they gave up, submitted what they had (ie, what I gave them; I doubt they did any work at all) and I got a 'pass' rating, proven by the fact that I'm now working at the company.

        the whole bg check shit was really annoying. I knew enough to say 'no' to the bastiges but I bet so many people just complied and rolled over for them. their data base must be making them lots of money, too, with this bonus info.

        everyone wants to datamine us. I'm fucking tired of this crap, man.

        --
        "It is now safe to switch off your computer."
      • (Score: 2) by Osamabobama on Wednesday April 04 2018, @07:55PM

        by Osamabobama (5842) on Wednesday April 04 2018, @07:55PM (#662612)

        If you ask nicely, they would probably let you use the store's phone number.

        --
        Appended to the end of comments you post. Max: 120 chars.
  • (Score: 0) by Anonymous Coward on Wednesday April 04 2018, @02:25AM (1 child)

    by Anonymous Coward on Wednesday April 04 2018, @02:25AM (#662301)

    so only vegans were harmed, aka nothing lost, not news.

  • (Score: 2) by Phoenix666 on Wednesday April 04 2018, @02:36PM (1 child)

    by Phoenix666 (552) on Wednesday April 04 2018, @02:36PM (#662494) Journal

    Throwaway IDs are too much work. Just say no to datamining. If they really want our dollars, they'll stop asking. Otherwise in most cases nobody *needs* their goods or services. Go to a competitor, DIY, or do without.

    We have to push back or we'll sleepwalk our way into one of those dystopian futures portrayed in depressing 70's or 80's sci-fi movies.

    --
    Washington DC delenda est.
    • (Score: 2) by Osamabobama on Wednesday April 04 2018, @07:57PM

      by Osamabobama (5842) on Wednesday April 04 2018, @07:57PM (#662613)

      Realistically, they can get all the data they need based on your credit card number. It probably takes a bit of extra effort to correlate your credit card with your debit card, if you aren't consistent about payment methods; that's where a phone number can come in handy.

      --
      Appended to the end of comments you post. Max: 120 chars.