Popular pizza chain Domino’s reportedly suffered from a cyberattack from its branches in India. According to Business Standard, 13 terabytes worth of data have been stolen and have been placed for sale on the dark web, with the threat actor asking for $550,000 in exchange for the said data.
Jubilant FoodWorks owns Domino’s India. Gadgets 360 reveals that the food service company oversees a franchise network of around 1,314 restaurants across 285 cities in India alone. Apart from India, the foodservice company also works with Domino’s for its brand in different countries such as Bangladesh, Nepal, and Sri Lanka.
Chief technology officer and co-founder of Israel-based cybercrime intelligence company Hudson Rock, Alon Gal, took to social media platform Twitter to air his findings on Sunday, April 18, 2021.
In his tweets, the security researcher said, “Threat actor claiming to have hacked Domino’s India (@dominos) and stealing 13TB worth of data. Information includes 180,000,000 order details containing names, phone numbers, emails, addresses, payment details, and a whopping 1,000,000 credit cards.”
To aid in its plans to sell the database, the hacker in question reportedly aims to “build a search portal to enable querying the data,” notes Gal in another tweet. TEISS states that the threat actors are intending to sell the database for around 10 bitcoins.
However, another security researching by the name Sourajeet Majumder (@TechCrucio) announced on Twitter that the hacker is looking to sell parts of the compromised database by packages depending on the buyer’s preferences. The packages can go for 2 and 8 bitcoins respectively, reports TEISS.
To save its database, the TEISS news site states that hackers have also reached out to Domino’s India to pay up to 50 bitcoin to prevent the sale from going to the highest bidder, should a sale push through.
The hacking incident points to Jordan Daven as the attacker. The same threat actor was reportedly responsible for the MobiKwik data breach earlier in January 2021, reveals security researcher Rajashekhar Rajaharia, notes TEISS.
Gadgets 360 reached out to Domino’s India for comment on the matter. While a spokesperson admitted to experiencing a cybersecurity incident, the company said that “No data pertaining to financial information of any person was accessed and the incident has not resulted in any operational or business impact.”
The spokesperson continued to say that they “do not store financial details or credit card data of our customers, thus no such information has been compromised.”
Following the incident, the company representative said that authorities and experts have already taken the proper steps to “contain the incident” and to further investigate the attack.