Domino’s Pizza: Large breach with a side of ransom

Jun 16, 2014

A hacker group calling themselves “Rex Mundi” broke into Domino’s Pizza systems this past week and posted details to Pastebin. They made demands for a ransom to be paid or they would expose the customer data from the purloined databases.

From The Guardian

The data was allegedly stolen during a break-in last week, acknowledged by Domino’s France, which saw 592,000 French and 58,000 Belgian customer records exposed.

A posting by the hackers on text-hosting site Pastebin claims that the stolen data includes customers’ full names, addresses, phone numbers, email addresses, passwords, delivery instructions and even favourite pizza toppings.

Now, normally I wouldn’t pay much attention to a posting such as this, but Domino’s Pizza confirmed the hack via their Twitter account.

Google Translation: “Domino’s Pizza uses an encryption system of trade data. However hackers we suffered”

Rex Mundi took the step to post a sample of the data that they had captured as an incentive to demonstrate that they were being honest about the breach.

From Pastebin:

We immediately sent various emails to both Domino’s Pizza France and Belgium. We also used the contact forms on their websites to let them know of this vulnerability and to offer them not to release this data in exchange for 30,000 Euros. So far, Domino’s Pizza has not replied to our demands. We would also like to point out that both of their websites are still up and vulnerable. Domino’s Pizza has until Monday at 8PM CET to pay us. If they do not do so, we will post the entirety of the data in our possession on the Internet.

This reminds me of the spate of DDoS attacks that have been launched against sites like Basecamp, GitHub and Feedly where the attackers were demanding payment to cease the attacks. This is a slightly different spin with a much higher ransom demand attached to it.

At the time of this writing the database had not yet been released online. This particular pizza order will be causing some heartburn for days to come. 


(Image used under CC from Dave Lundy)


Dave Lewis has over two decades of industry experience. He has extensive experience in IT security operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast.

The opinions expressed in this blog are those of Dave Lewis and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.