Data leaking or theft is not a new thing. In this sequence, now the name of Domino’s Pizza has also been added. A case of alleged online leaking of the online records of millions of Domino’s customers has come to light.
According to Alan Gall, chief technology officer at Hudson Rock, Israel’s cybercrime intelligence company, about 13 terabytes of data is expected to be leaked. In a tweet on Sunday, he said that this data contains information related to about 18 crore orders.
Customers’ mobile numbers, e-mail addresses, payment information were included as order information. Gail claims that this data was being sold on the dark web and huge amounts were being sought for it.
However, in a statement from Domino’s India, it has been said that according to their policy, they do not submit financial information of customers. And in this case, no agreement has been made on any information.
However, he definitely admitted that some time ago a matter related to information security had come up in Jubiland FoodWorks. Jubiland Foodworks is the parent company of Domino’s India.
Rajasekhar Rajaharia, a cyber security researcher who first warned users about a big data leak at payment firm Mobikwik last month, said he had signed up the government’s cyber emergency arm of India Computer Emergency in March about the Domino data leak. Response Team (CERT-In) was alerted.
Over 20 crore order details, including 13 TB of Domino’s India data, have been leaked from Domino’s India servers. Data include mobile, email, name, home address, payment type and social login token.
Rajahria further tweeted on Monday that Domino’s data had previously been claimed to be in the possession of the same hacker who accessed Mobikwik data. It seems, the same hacker who allegedly hacked Mobikwik, had been accessing Domino since February 2021.
Earlier this month, information from millions of users was leaked, including data from Indian users of Facebook and LinkedIn. Both admitted customer data was leaked. Both said that it was not hacked from their system, but was scrapped. This means that the application was used to extract valuable information from a website.