Monday, June 14, 2021
Home Specials OpIndia Explains Domino's data breach explained: Leaked data now available through search portal on the dark...

Domino’s data breach explained: Leaked data now available through search portal on the dark web, over 13TB of data leaked

Though Jubilant Foodworks did not seem to have taken any step to avert data getting in the hands of scammers, the said data has the potential to cause serious privacy concerns.

On April 16, 2021, hackers had announced on an infamous hackers’ forum that they got access to the Domino’s India servers and downloaded 13 TB of data that contained employee and customer data. The threat actors also claimed that they got over one million credit cards’ information used to place orders on the application.

Sample data search result

In the initial post on the forum, the hackers wrote, “We breached Domino’s India and got 13TB all internal files of 250 employees from IT, Legal, Finance, Marketing, Operations etc. We got all customers details, and 180M order details (name, ph number, email, delivery address, payment details) and 1M credit cards used to purchase on Dominos app. Internal files contain all files from 2015-2021 and lots of outlook mail archives. Breach – April 2021.”

When we further examined the thread, it was easier to create a timeline of the events.

On April 16, hackers announced that they breached Domino’s servers.

Hackers post detailing out the breach

On April 17, they mentioned in the comments that they were looking for 10 BTC (Bitcoin) for the data. At that time, they had an offer of 2 BTC in hand. As they had mentioned that Domino’s might pay them 50 BTC, it was clear that they had contacted Jubilant Foodworks, the parent company of Domin’s. The hackers also said that they were planning to build a search engine like other hackers’ group did in the case of MobiKwik. Notably, the hackers were ready to pay $1000 to someone who could help them create the search engine.

Hackers mentioned they were looking for 10 BTC for the data. Also hinted they were in contact with Domino’s parent company

On April 18, security experts published details of the breach on social media platforms.

On April 19, news agencies started to pick up the news, and several reported popped up on different news portals.

News portals started to pick up news on April 19

On April 19, Jubilant Foodworks issued a statement and said, “Jubilant Foodworks experienced an information security incident recently. No data pertaining to the financial information of any person was accessed, and the incident has not resulted in any operational or business impact. As a policy, we do not store financial details or credit card data of our customers, thus no such information has been compromised.”

On April 21, the hackers announced that their search engine was ready, and they were uploading the data.

Hackers announced they are uploading database on search engine

On May 20, they finally announced Dark Weblink to the search engine.

Hackers announce search engine on dark web

Experts’ opinion on the breach

Though Jubilant Foodworks did not seem to have taken any step to avert data getting in the hands of scammers, the said data has the potential to cause serious privacy concerns. The problem is that companies like Domino’s customers share several personal information that can potentially cause financial or even physical harm. Those who tend not to share their address with anyone are searchable only with the phone number.

Independent Security Researcher Sourajeet Majumder published a thread on Twitter explaining the breach. He said that he was able to see all the personal details on the search engine. He said, “On using the search portal made by the threat actor, I was able to find my phone number/email, all delivery addresses, delivery amount and order time & date.”

When OpIndia talked to Sunny Nehra, Admin at Hacks And Security, about the Domino’s data breach, he said, “It has become such a common practice first to have flimsy security and then claim there is no privacy concern. If such companies do not start taking such breaches seriously, they will lose trust among the customers.”

Alon Gal, Co-Founder & CTO, Hudson Rock, had shared the information about the breach in April. He wrote, “Threat actor claiming to have hacked Domino’s India and stealing 13TB worth of data. Information includes 180,000,000 order details containing names, phone numbers, emails, addresses, payment details, and a whopping 1,000,000 credit cards.”

“Plenty of large scale Indian breaches lately, this is worrying,” he had added.

We have hidden the information of the hacker, dark weblink and other identification markers.

  Support Us  

Whether NDTV or 'The Wire', they never have to worry about funds. In name of saving democracy, they get money from various sources. We need your support to fight them. Please contribute whatever you can afford

Anurag
B.Sc. Multimedia, a journalist by profession.

Related Articles

Trending now

Swami Avdheshanand Giri condemns misinformation over Ram Mandir transactions, Trust Gen Sec too rebuts accusations: Here’s what they said

Swami Avdheshanand Giri has issued a statement assuring that Ram Mandir transactions are authentic and transparent.

BBC apologises for its coverage of footballer Eriksen’s collapse, it is time they apologise for their grotesque reportage on India’s Covid outbreak too

The western media outlets, including BBC, ought to apologise India for perpetrating racism with their egregious coverage of country's COVID-19 pandemic and linking it with morbid images of burning funeral pyres.

Rahul Gandhi joins in spreading lies about a ‘scam’ by Ram Mandir trust: Here are the facts in 10 simple points

On the 13th of June 2021, Aam Aadmi Party took to Twitter to level grave allegations against the Ram Janmabhoomi Teerth Kshetra.

Islamic NGO with possible terror links raised almost 150 crores to ‘Help India Breath’ amid pandemic, little of it was actually sent

Dubious NGOs with links to terrorist organizations and Pakistani army collected funds on the name of relief to India amid Covid pandemic

Here is the truth about the land deal by Ram Janmabhoomi Teerth Kshetra and how the allegations by likes of AAP are baseless

Shri Ram Janmabhoomi Teerth Kshetra and its head Champat Rai bought an additional piece of land for the purposes of additional construction to facilitate pilgrims who would be travelling to Ayodhya

Recently Popular

Here is the truth about the land deal by Ram Janmabhoomi Teerth Kshetra and how the allegations by likes of AAP are baseless

Shri Ram Janmabhoomi Teerth Kshetra and its head Champat Rai bought an additional piece of land for the purposes of additional construction to facilitate pilgrims who would be travelling to Ayodhya

Kamal R Khan calls Mika Singh ‘anpadh gawar sooar’ after the singer released a diss track titled ‘KRK Kutta’: Here is how the feud...

The feud between KRK and Mika Singh descends to calling each other ‘dogs’ and ‘pigs’, here how it unfolded

Young billionaire Nikhil Kamath’s account closed by Chess.com as he admits cheating in charity game to defeat Vishwanathan Anand

Nikhil Kamath created quite the flutter recently after he apparently defeated Vishwanathan Anand in a game of chess.

Rohingyas settled all over UP with forged Aadhaar, voter IDs, fresh arrests reveal they are getting financial aid too: Report

ADG informed that the Rohingyas have settled in every assembly constituency with forged voter ID cards.

PM Modi kills the manufactured stories about his rift with Yogi Adityanath with just three words

In a rare gesture, PM Modi publicly praised Yogi Adityanath for a scheme amid the manufactured reports about rift between the two

60-year-old woman gang-raped in front of her grandson: More horror stories emerge from Bengal as women speak up in SC

Women in West Bengal have moved the Supreme Court narrating the details of the horrifying gang-rapes they were subjected to in the post-poll violence by the members of ruling party.
- Advertisement -

 

Connect with us

255,564FansLike
553,122FollowersFollow
24,300SubscribersSubscribe