advertisement
A month after popular pizza delivery chain Domino’s witnessed a massive data leak on 20 April, the same data from around 18 crore orders, including sensitive information such as names of customers, their phone numbers, and locations have been made public by the hackers.
Sourajeet Majumder, a cyber researcher who first spotted the dataset told The Quint that since 16 April, a threat actor has been trying to sell allegedly breached data from Domino's and demanding a ransom from the organisation to prevent it from being sold.
"When his requests were not fulfilled, he finally decided to launch a search portal where one can search the breached data just using one's email or phone number," he added.
The Quint independently verified the search engine made available on the dark web and found out that personal information of customers has been made public by the hackers.
Majumder explains that the following information has been leaked:
Email address
Phone number
GPS Location
All delivery address
Total number of orders
Order amount
Order time & date
Currently, the database does not contain any financial information. However, in a blog post the cyberespionage group has promised that payment details and employee files of Domino's India will be made public very soon.
Deletion of the app won't help as the breach contains order details and other data from 2015 to April 2021.
Majumder said that the best practice would be to avoid using the Domino's app temporarily until the company puts out a clear statement on whether their app is currently safe to use. "At present in case one needs to order from Domino's, they can always use an alternative app like Swiggy or Zomato."
In a statement to The Quint, Jubilant FoodWorks-owned Domino’s India on 20 April confirmed that it experienced an information security incident.
"No data pertaining to financial information of any person was accessed and the incident has not resulted in any operational or business impact. As a policy we do not store financial details or credit card data of our customers, thus no such information has been compromised. Our team of experts is investigating the matter and we have taken necessary actions to contain the incident," the company said.
The Quint reached out to Jubilant FoodWorks seeking a comment on the latest development. This story will be updated if and when the company responds.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)