In the weekend news that shook many, a cybersecurity expert has claimed that the credit card details of 1 million Domino’s India customers are being sold online. The news came on Sunday and claims that the details of these 1 million purchases came from ordering Domino’s Pizza online. These credit card details are now being sold on the Dark Web for an amount of nearly Rs 4 crore.
The CTO of security firm Hudson Rock, Alon Gal has recently tweeted on the subject. As tweeted by Alon Gal, the database includes details regarding 180,000,000 Domino’s orders, including the names, phone numbers, emails, addresses, payment details, and details regarding 1,000,000 credit cards used for ordering.
According to him, the Domino’s India database worth 13 TB was hacked by the threat actor to acquire the aforementioned data. Gal claims that the actor has mentioned plans of building a search portal that enables querying the data and is now looking for an amount of around $550,000 (approximately Rs 4 crore) for the contents of the database. No official response has yet been made by Domino’s India on this tweet, but Gal has mentioned that the increasing number of large-scale Indian breaches is a worrying matter.
An ignored warning regarding Domino’s India:
In another part of the story, an independent cybersecurity researcher has reached out to IANS regarding the subject. The said researcher, Rajshekhar Rajaharia has mentioned to IANS that he had already alerted the Indian Computer Emergency Response Team (CERT-In) regarding this possible hack back on the 5th of March, 2021.
According to the details, Rajaharia had alerted CERT-In regarding a possible Domino’s Pizza India hack, where the threat actor might have gotten access to the details of up to 200 million orders along with the personal data of the users who placed these orders. He also mentioned that the hacker had however not provided any sample.
Another breach in the line of many
Just like Alon Gal mentioned in his tweet, ‘Plenty of large-scale Indian breaches lately, this is worrying’; it is indeed a worrying situation for Indian cybersecurity experts. This Domino’s India breaches just another in the line of many other breaches that happened quite recently. There have been hacking incidents involving Indian brands like Bigbasket, BuyUcoin, JusPay, and Upstox to name a few.
Besides this, earlier this month, Gal had also claimed that the data of as many as 533 million (53.3 crores) Facebook users, including 61 lakh Indians were leaked online. The data contained the Facebook ID numbers, profile names, email addresses, location information, gender details, job data, and other details of the affected accounts. The leak took place after the details were posted on a digital forum by the hacker.
It was later discovered that the data was old and had already been reported in 2019. The vulnerability had been found and fixed in August 2019, as assured by a Facebook spokesperson.