According to IT security researcher Rajshekhar Rajaharia, “If you ever had ordered pizza online from Domino’s India your data is leaked now.”
Among other recent hacks that compromised Indian users’ data, a popular pizza outlet in the country, Domino’s India, seems to have undergone a cyber attack as well.
According to Rajshekhar Rajaharia, an Indian IT security researcher, the hackers have gained access to 13 TB worth of data which includes 180,000,000 order details containing names, phone numbers, payment details, and a million credit card details.
Furthermore, he revealed that the hackers are apparently looking to exchange the database for a ransom of $550,000 and have plans of building a search panel to enable querying the data.
A company spokesperson for Dominos India said, “Jubilant FoodWorks experienced an information security incident recently. No data pertaining to the financial information of any person was accessed and the incident has not resulted in any operational or business impact.
Domino's Statement — Jubilant FoodWorks experienced an information security incident recently. No data pertaining to financial information of any person was accessed and the incident has not resulted in any operational or business impact… @Gadgets360 #InfoSec #GDPR
— Rajshekhar Rajaharia (@rajaharia) April 19, 2021
“As a policy, we do not store financial details or credit card data of our customers, thus no such information has been compromised. Our team of experts is investigating the matter and we have taken necessary actions to contain the incident.”
Posts from the hacker on a hacker forum:
In a statement to Hackread.com, Rajaharia said that he alerted about this possible hack to the CERT-in (India’s national cyber defense agency) on March 5th, 2021.
“I had alerted CERT-in about a possible Domino’s Pizza India hack where the threat actor got data access with details like 200 million orders and personal data of the users too. The hacker, however, did not provide any sample,” Rajaharia said.
This alleged hack adds to a string of hacking incidents involving Indian firms. BigBasket and Mobikwik have also been victims of hacks in recent times. In fact, according to the researcher, the hacker behind Mobikwik breach are the same individuals to hack Domino’s India.
There needs to be an increased focus on cybersecurity – based on our research, on average, an organization in India has been attacked 1,681 times a week in the last six months. This is more than 2.5 times higher than the global average of 667 attacks globally,” says Sundar N Balasubramanian, Managing Director, Check Point Software Technologies, India & SAARC.