Just Last month, a group of cybercriminals made an announcement on an underground hacking forum that they had gained access to Domino’s India servers and made away with a huge amount of customer and employee data.
The hackers also revealed that they had harvested critical information linked to an excess of one million credit cards that were being used by the owners to place orders on the Domino’s app.
According to media reports, the threat actors’ initial forum post outlined the scale of their data breach. They claimed to have obtained 13TB of internal files belonging to 250 Domino’s workers from a number of its corporate departments, including IT, Legal, Finance, Marketing and Operations.
The cybercriminals further claimed that they had succeeded to harvest customer information, and particular details about 180 million orders – the information ranged from names, cellphone numbers, email addresses, delivery addresses, and payment information.
The hackers also boasted that the huge data dump in their possession was not outdated, with the internal files and lots of outlook mail archives being relevant to Domino’s activities from the year 2015 to 2021.
According to a timeline of events that was compiled by the Indian news portal OpIndia, the data breach was announced by its perpetrators on April 16.
On the following day, they made a 10 Bitcoin bid for the data as expressed by a comment on their initial post.
Interestingly, the hackers claimed that Domino’s was probably going to pay them 50 Bitcoin. The message provided the implication that they had already established contact with Jubilant Foodworks, which is the firm that holds the master franchise for Domino’s Pizza in India.
The threat actors also went ahead to assert that they were considering to create a search engine that seemed to mirror the same action that had been taken by another hacking group that was reportedly responsible for the MobiKwik cyber event. To that effect, the Domino’s hackers promised a $1,000 pay to anyone that would assist them meet the need.
On April 18, a host of cybersecurity figures made announcements of the data breach across social media site. This was followed by a flood of media reports whose agencies began catching up to the news on April 19.
Data Posted on Dark Web
Alon Gal, the Chief Technology Officer of the cybersecurity firm Hudson Rock, is credited with discovering the Domino’s database owned by Domino’s after the hacker put 13TB of stolen data on the dark web.
In a Twitter post, the renowned cybersecurity expert confirmed that the cybercriminals were planning to sell off the entire stash of data to the highest bidder. It turns out that the search portal that the hackers are looking to create will facilitate all queries of the stolen data.
When reached for comment, Domino’s India spokesperson confirmed that Jubilant Foodworks had indeed suffered an information security incident, but said that the financial information belonging to customers had not been compromised.
The company dismissed news that the compromised data included customer financial information. They reflected their statement on cybersecurity expert reports that the data found on the dark web was not related to financial information.
Notably, the firm intimated that they do not subscribe to a policy that requires that they store customer financial details or credit card data – it dispels reports that customer credit card information had been affected by the cyber-attack.
Domino’s went on to assert that their team of experts have been deployed to investigate the event and ensure that the necessary actions are taken moving forward.
Point to note, the real identity of the hackers has not been revealed by the relevant authorities.