Overview
- Have I Been Pwned and independent analyses identified roughly 5.1 million unique email addresses in the leaked dataset, contradicting early reports of 14 million customers.
- Panera confirmed to authorities that the exposed data is contact information, and the company has not yet issued public breach notifications.
- ShinyHunters published the stolen data after extortion attempts failed, with the group’s 14 million figure referring to records rather than unique accounts.
- The attackers told BleepingComputer they used a Microsoft Entra single sign-on code obtained through voice phishing as part of a broader SSO-focused campaign.
- Related incidents in the same campaign include Match Group confirming theft of a limited amount of user data and SoundCloud reporting a breach affecting 29.8 million accounts.