SECURITYWEEK reports that hackers have leaked 5.1 million Panera Bread records, with the archive allegedly containing 5.1 million unique email addresses and accompanying data such as names, addresses and phone numbers. The ShinyHunters extortion group has claimed the theft of roughly 14 million records from Panera Bread after compromising a Microsoft Entra single-sign-on (SSO) code.
The breach follows the group’s recent pattern of vishing and SSO–based access to SaaS environments, and a 760GB archive was published on its leak site. Panera Bread has confirmed the intrusion, telling Reuters that the hackers stole “contact information,” while SecurityWeek notes the incident poses a substantial downstream risk for credential stuffing and identity-based attacks. According to Have I Been Pwned, the data was leaked after the extortion attempt failed, and Have I Been Pwned is cited in the reporting.
The piece also references ongoing activity by ShinyHunters, which has been escalating with attacks on multiple organisations.