Domino’s India has disclosed a data breach after a threat actor hacked their systems and offered their stolen data on a hacking forum.
In April 2021, a threat actor created a new topic on a hacking forum where they claimed to be selling 13 TB of stolen data, including details for 18 crores (180 million) orders and 1 million bank cards, from Domino’s India.
The threat actor was selling the data for roughly 10 BTC, or $380,000 at today’s rates, and shared samples of the database structure for the allegedly stolen data.
This month, the same threat actors launched a Tor dark web search engine that allows people to enter their phone numbers or email addresses to see if their information is exposed in the database.
Before using this search engine, it is important to remember that the threat actor runs this service. Therefore, any submitted data could be used for further malicious activity, such as phishing and smishing attacks.
Domino’s India users have told BleepingComputer that they tested the search engine, and it did contain their orders and other personal information from their account.
Domino’s India finally discloses a data breach
Today, security researcher Rajshekhar Rajaharia, who has been following this breach, tweeted that Domino’s India has finally begun disclosing the data breach, over a month after it was first reported.
In a brief email to customers, Jubilant Networks, the master franchise owner for Domino’s Pizza in India, disclosed that they were hacked on March 24th, 2021.
However, they state that the threat actor’s claims to have stolen 1 million bank cards are false as they do not store any financial details of users on their website.
From the database tables and data shared with BleepingComputer by users who used the search engine, the data does include customers’ mobile numbers, names, email addresses, and GPS coordinates.
When combined, hackers can use this information to perform further attacks, such as phishing scams and SMS messaging scams, to steal further sensitive data from those exposed in this breach.
All Domino’s India customers should be on the lookout for emails and texts pretending to be from Domino’s and not provide any information, such as bank cards and passwords, unless you are specifically accessing the https://www.dominos.co.in/ website.