Hackers known as ShinyHunters have leaked data from over 5 million Panera Bread customers after an unsuccessful extortion attempt. They claimed to have stolen roughly 14 million records by exploiting a vulnerability in Microsoft Entra's single-sign-on (SSO) system. The breach involved a 760GB archive published on their Tor site, containing sensitive information such as names, addresses, phone numbers, and unique email addresses. Panera has confirmed the breach, stating that the hackers accessed and stole “contact information.” Experts warn that this data presents a significant risk for credential stuffing and phishing attacks, extending beyond Panera itself. ShinyHunters have ramped up their activities, with reports indicating plans to target over 100 organizations. Their tactics involve voice phishing (vishing) to gain access to SSO codes, which allows them to bypass multi-factor authentication and access cloud-based environments without exploiting traditional vulnerabilities. This shift in attack methods poses new challenges for cybersecurity defenses.