About a month ago, a cyber-criminal group made an announcement on an underground hacking forum. The group claimed that they had access to Domino's servers in India. The amount of customer and employee data gathered is excessive.
The hackers revealed that they had harvested highly sensitive information such as credit card numbers. In total the hackers had access to over 1 Million credit cards that were used to place orders on the Domino's app.
According to reports published by media, the scale of the data breach has been outlined. In total, the hackers claimed to have over 13TB of data belonging to Domino's. This included IT, Legal, Financial, Marketing and Operations data.
The cyber-criminals further boasted about their success in harvesting all the customers information. This includes information related to about 180 million orders. The names, cellphone numbers, email and delivery addresses and even payment info got leaked.
The hackers even bragged about the information not being outdated. In-fact, it was specified that the group managed to only gather files aged between 2015 and 2021.
According to the Indian news agency OpIndia, the data breach was announced by the threat actors on April 16th. On the following day the hackers made a 10 Bitcoin bid on the data as expressed by a comment made on their initial post. Interestingly, they claiemed that Domino's was probably going to pay them 50 Bitcoins in exchange for the data. The message provided indicates that the threat actors are now in contact with the franchise in India.
The threat actors also went ahead to assert that they were considering creating a search engine. This seems to mirror the action taken by another hacking group that was reportedly responsible for the MobiKwik cyber event. To that effect, the Domino’s hackers promised a $1,000 pay to anyone that would assist them meet the need.
On the 18th of April, a host of Cybersecurity figures went out and made announcements on the breach. This was followed by a flood of social media reports are people and agencies started catching up with the news.
Data Leaked on Dark-Net
The CFO of Hudson Rock, a cybersecurity firm is credited with discovering Domino's database on the dark-net. After the 13tb of data was posted on the dark-web, Alon Gal was quick to point to it. In a twitter post, cybersecurity expert confirmed that the criminals planned to sell the database to the highest bidder. In-fact, it looks like the portal the hackers wanted to create would facilitate all the stolen data.
Jubilant Foodworks, the franchisee of Domino's in India has responded to the breach. After a spokesperson was reached he confirmed that the Jubilant Foodworks suffered a major breach. Despite that they still insisted that no financial information belonging to customers has been leaked.
The company went on to dismiss all the reports that any financial data was compromised. They reflected their statement in a cybersecurity experts comment that noted no financial data was spotted.
The firm also intimated that they customers do not agree to any policy that requires to store customers financial details. This dispels any claims that customers credit-card information has been affected.
Domino's the asserted that their team of experts have been deployed to investigate the event. The chain mentioned that this is done to ensure that any necessary actions are taken moving forward.
The identity of the hackers behind the major breach has not been revealed. The relevant authorities are still investigating this case.