[BreachExchange] Domino's India database likely hacked, 1 million credit card details leaked along with mail IDs, cell numbers

Destry Winant destry at riskbasedsecurity.com
Tue Apr 20 10:27:13 EDT 2021


https://www.indiatoday.in/technology/news/story/domino-s-india-database-likely-hacked-1-million-credit-card-details-leaked-along-with-mail-ids-cell-numbers-1792305-2021-04-18

Popular pizza outlet Domino’s India seems to have fallen victim to a
cyber attack. According to Alon Gal co-founder of an Israeli
cybercrime intelligence, the hackers have access to Domino’s India
13TB of internal data which includes employee details of over 250
employees across verticals such as IT, Legal, Finance, Marketing,
Operations, etc.

The hackers claim to have got all customer details and 18 crore order
details which include customer's names, phone numbers, email IDs,
delivery address, payment details including more than 10 lakh credit
card details used to purchase on Domino’s India app.

Further, the hackers are aiming to sell the entire data to a single
buyer. According to Alon Gal, the hackers are looking for $550,000
(around Rs 4 crores) for the entire database. The hackers also have
plans to build a search portal to enable querying the data.

The sale is apparently happening in the dark web and likely on a
website frequented by cyber scammers. For now, Domino's India has
neither confirmed nor denied that data of its consumers has been
stolen or leaked from its servers.

If accurate, the data of Domino's India customers in public puts
anyone who has ordered pizza at Domino's and has supplied details like
credit card, emails ID or phone numbers at a risk of identity theft
and cyber fraud.

It is especially worrying as India has been a victim of several
large-scale cyber breaches lately. According to Computer Emergency
Response Team (CERT-IN) data, during the Covid-19 pandemic cyber
attacks on India grew by nearly 300% last year, growing to 11,58,208
in 2020 compared to 3,94,499 in 2019.

Last month, the Union transport ministry received an alert from the
CERT-IN regarding “targeted intrusion activities” directed towards the
country’s transport sector with “possible malicious intentions”. This
came after a slew of cybersecurity attacks on the Indian government
and private sector portals over the past few months.

According to a survey conducted by Sophos Survey titled The Future of
Cybersecurity in the Asia Pacific and Japan, about 52 per cent of
domestic Indian companies said they fell victim to a cyber attack in
the last 12 months. Of these successful breaches, 71 percent of
organisations admitted it was a serious or very serious attack, and 65
percent said it took longer than a week to remediate

Cybersecurity experts predict that artificial intelligence and machine
learning-driven malware along with state-sponsored cyber attacks will
be the most serious threats to business's cybersecurity over the next
few years.


More information about the BreachExchange mailing list