June 16, 2014
Foreign Domino’s Pizza Franchises Hacked And Held For Ransom
Peter Suciu for redOrbit.com - Your Universe Online
Pizza lovers might have gotten more than a slice recently, as some 650,000 customers of Domino's France and Domino's Belgium may have had their passwords and personal data stolen and held for ransom by hackers.
Naked Security, the advice and research news division of Sophos, reported on Monday that a hacking group by the name of Rex Mundi had stolen the data and said it would be released if the pizza chain failed to pay a ransom of 30,000 Euros ($40,590).
The group posted on the dpaste.de web forum that the database shared between the two Domino's divisions – which belonged to customers who had previously registered for home deliveries – would be released publicly.
The post read:
"Dear friends and foes, Earlier this week, we hacked our way into the servers of Domino's Pizza France and Belgium, who happen to share the same vulnerable database. And boy, did we find some juicy stuff in there! We downloaded over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones. That's over six hundred thousand records, which include the customers' full names, addresses, phone numbers, email addresses, passwords and delivery instructions. (Oh, and their favorite pizza topping as well, because why not)."
Rex Mundi added that Domino's Pizza had until Monday at 8pm CET to pay, and even released some sample data from the French website.
Domino's France confirmed the hacking via its Twitter account and referred to the hackers as "seasoned professionals."
Business Insider reported that Domino's said the affected data involved only names, email addresses and phone numbers. The pizza maker stated that no banking or financial information was accessed and added that the company doesn't retain it.
The news organization also reported that Domino's took the breach to the French authorities and likely will not meet the demands. This is just the latest in a series of Rex Mundi's "failed attempts to turn a dime from its hacking skills," Business Insider reported.
Domino's customers in other parts of Europe are not affected in this security breach, The Guardian newspaper reported.
"The data hacking is isolated to the Domino’s franchise in France and Belgium, and no customer credit card or financial information was compromised," said a Domino’s Pizza Group PLC spokesperson in a statement emailed to The Guardian. "Domino’s customers in the UK and Republic of Ireland are not affected by this incident. The security of customer information is very important to us. We regularly test our UK website for penetration as part of the ongoing rigorous checks and continual routine maintenance of our online operations."
Security experts responded that this sort of attack is all too easy to pull off when companies don't take precautions.
"One of the possibly more concerning things is that in a copy of the original notice the hacker group published, the passwords appear to be in plain text," Jon French, security analyst at AppRiver, told The Guardian. "It's possible they cracked or used rainbow tables to get the passwords, but if the passwords were actually stored in plain text, that's a big no-no on Dominos part."
Rex Mundi has tried this sort of data-for-ransom scheme in the past. In 2012 the group stole and published online loan-applicant data from US payday company AmeriCash Advance, and earlier this year the group broke into Belgian Internet hosting company Alfra Hosting. In both cases the companies refused to pay and the data was released publicly.