Domino’s India has disclosed a data breach in which a threat actor hacked its systems and sold the stolen data on a hacking forum.
In April 2021, a threat actor posted on a hacking forum claiming to be selling 13 TB of stolen data from Domino’s India, including details of 18 crore (180 million) orders and 1 million credit cards.
The data was put up for sale for approximately 10 BTC, or $380,000, and samples of the database structure for the allegedly stolen data were also shared on the forum.
This month, the same threat actors launched a Tor dark web search engine that lets users enter their phone numbers or email addresses to check whether their information is exposed in the database.
However, keep in mind that this service is run by the same threat actor, so any data users enter could be used for further malicious activity, such as phishing and smishing attacks.
Domino’s India users have tested the search engine and confirmed that their orders and other personal information from their accounts were included in it.
Finally, after over a month, Domino’s India has disclosed the data breach. Jubilant Networks, the master franchise owner for Domino’s Pizza in India, sent a short email to its customers stating that they were hacked on March 24th, 2021.
They said that the threat actor’s claim of having stolen 1 million credit cards is not true, as they do not store any financial details of users on their site.
Based on the database tables and information shared by users who used the search engine, the data includes customers’ mobile numbers, names, email addresses, and GPS coordinates.
When combined, this information can be used by hackers to perform further attacks, such as phishing scams and SMS messaging scams, to steal additional sensitive data from those exposed in this breach.
All Domino’s India customers are requested to be cautious about emails and texts pretending to be from Domino’s and not to provide any information, such as credit cards and passwords, unless they are specifically accessing the https://www.dominos.co.in/ website.