Domino's acknowledges data breach; Denies leak of million credit cards
Pizzas are usually considered bad for your health, but the latest Domino's India data leak could have serious consequences for your financial health as well. The latest security lapse has allegedly compromised customers' names, phone numbers, delivery addresses, and credit card details. The breach came to light after Alon Gal, CTO of Israeli cybersecurity firm Hudson Rock, tweeted about it on Sunday.
- Alon Gal tweeted about the Domino's leak on Sunday
- Massive 13TB data dump spans 180 million pizza orders
- Indian security researcher claims same perpetrator was behind MobiKwik hack
- Rajaharia couldn't find payment data in his analysis
- Jubilant FoodWorks admits that it has suffered a security breach
- Domino's acknowledges breach, but claims financial data was never stored
- Domino's claims credit card details can't be compromised
- Seller expects $550,000 for leaked data in one-shot deal
- Hacker apparently working to release a searchable database as proof
Alon Gal tweeted about the Domino's leak on Sunday
Threat actor claiming to have hacked Domino's India (@dominos) and stealing 13TB worth of data.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 18, 2021
Information includes 180,000,000 order details containing names, phone numbers, emails, addresses, payment details, and a whopping 1,000,000 credit cards. pic.twitter.com/1yefKim24A
Massive 13TB data dump spans 180 million pizza orders
The fact that Domino's accounts for 70 percent of the country's pizza consumption and 16 percent of fast-food sales makes the leak all the more damning. The 13TB data cache allegedly includes a million credit card details and data on 180 million orders. Besides customers, personal details of more than 250 Domino's employees spanning IT, legal, finance, marketing, and operations verticals have been leaked.
Indian security researcher claims same perpetrator was behind MobiKwik hack
Speaking to IANS, security researcher Rajshekhar Rajaharia claimed to have reported this breach to Indian Computer Emergency Response Team (CERT-in) on March 5. According to Rajaharia, the same hacker was also responsible for the MobiKwik data leak, reported earlier this month. He also claimed that the hacker had access to Domino's data as early as February this year.
Rajaharia couldn't find payment data in his analysis
Again Big Data Leak! 20 Crore Order Details including 13 TB data of Domino's India alleged leaked from #DominosIndia Server. Data Includes mobile, email, name, home address, payment type and Social Login Tokens. It seems Financial data is not there. #infosec #GDPR @jackerhack pic.twitter.com/glOAFpQCD7
— Rajshekhar Rajaharia (@rajaharia) April 19, 2021
Jubilant FoodWorks admits that it has suffered a security breach
"Jubilant FoodWorks experienced an information security incident recently. No data pertaining to financial information of any person was accessed and the incident has not resulted in any operational or business impact," said Domino's parent company in a statement to Gadgets360.
Domino's acknowledges breach, but claims financial data was never stored
Meanwhile, Domino's parent company Jubilant FoodWorks has issued a statement to Gadgets360 acknowledging the breach. However, the company denies storing customer financial details and claims that credit card data has not been compromised. Rajaharia has backed up Domino's claim by tweeting that he couldn't find financial data in the leak so far. Things could change though, as the hackers promise to reveal more.
Domino's claims credit card details can't be compromised
"As a policy we do not store financial details or credit card data of our customers, thus no such information has been compromised. Our team of experts is investigating the matter and we have taken necessary actions to contain the incident," Domino's spokesperson said.
Seller expects $550,000 for leaked data in one-shot deal
According to Gal's tweet, the hacker has put the data for sale on hacker forums. The seller expects a one-shot deal and has therefore demanded $550,000 for the massive Domino's database. The proof showcased on the forum makes it look like the hacker had access to Domino's database long enough to create a backup, but nothing can be determined conclusively at this juncture.
Hacker apparently working to release a searchable database as proof
Such illegal transactions are usually accompanied by the perpetrators releasing a part of the database as proof for verification. However, this leak is said to have occurred earlier and the hacker is apparently putting together a searchable database as proof for potential buyers. The search portal will allow affected users to query the database to see if they have been compromised.
