Domino’s Pizza: Large breach with a side of ransom


A hacker group calling themselves “Rex Mundi” broke into Domino’s Pizza systems this past week and posted details to Pastebin. They made demands for a ransom to be paid or they would expose the customer data from the purloined databases.

From The Guardian:

The data was allegedly stolen during a break-in last week, acknowledged by Domino’s France, which saw 592,000 French and 58,000 Belgian customer records exposed.

A posting by the hackers on text-hosting site Pastebin claims that the stolen data includes customers' full names, addresses, phone numbers, email addresses, passwords, delivery instructions and even favourite pizza toppings.

Now, normally I wouldn’t pay much attention to a posting such as this, but Domino’s Pizza confirmed the hack via their Twitter account.

Google Translation: "Domino's Pizza uses an encryption system of trade data. However hackers we suffered"

Rex Mundi took the step of posting a sample of the data they had captured to demonstrate that they were being honest about the breach.

From Pastebin:

We immediately sent various emails to both Domino's Pizza France and Belgium. We also used the contact forms on their websites to let them know of this vulnerability and to offer them not to release this data in exchange for 30,000 Euros.

So far, Domino's Pizza has not replied to our demands. We would also like to point out that both of their websites are still up and vulnerable.

Domino's Pizza has until Monday at 8PM CET to pay us. If they do not do so, we will post the entirety of the data in our possession on the Internet.

This reminds me of the spate of DDoS attacks that have been launched against sites like Basecamp, GitHub and Feedly, where the attackers were demanding payment to cease the attacks. This is a slightly different spin with a much higher ransom demand attached to it.

At the time of this writing, the database had not yet been released online. This particular pizza order will be causing some heartburn for days to come.

 

(Image used under CC from Dave Lundy)
