New Delhi, April 18
In what could add to latest string of cyber breaches at India-based entities, a cyber security researcher on Sunday claimed that credit card details of nearly 10-lakh people who purchased online on Domino’s Pizza India is allegedly being sold for over Rs 4 crore on the Dark Web.
According to Alon Gal, CTO of security firm Hudson Rock, a threat actor has claimed to have hacked Domino’s India database worth 13TB.
The threat actor is looking for around $550,000 (approximately Rs 4 crore) for the database and saying they have plans to build a search portal to enable querying the data, Gal claimed.
“Information includes 180,000,000 order details containing names, phone numbers, emails, addresses, payment details and a whopping 1,000,000 credit cards,” Gal claimed in a tweet.
Threat actor claiming to have hacked Domino’s India (@dominos) and stealing 13TB worth of data.
Information includes 180,000,000 order details containing names, phone numbers, emails, addresses, payment details, and a whopping 1,000,000 credit cards. pic.twitter.com/1yefKim24A
— Alon Gal (Under the Breach) (@UnderTheBreach) April 18, 2021
“Plenty of large-scale Indian breaches lately, this is worrying,” he added.
Domino’s India was yet to react to Gal’s tweet.
Independent cyber security researcher Rajshekhar Rajaharia told IANS that he had alerted about this possible hack to the CERT-in (India’s national cyber defence agency) on March 5.
“I had alerted CERT-in about a possible Domino’s Pizza India hack where the threat actor got data access with details like 200 million orders and personal data of the users too. The hacker, however, did not provide any sample,” Rajaharia said.
There have been a string of hacking incidents involving Indian firms in the recent past, including Bigbasket, BuyUcoin, JusPay, Upstox and others.
Gal earlier this month claimed that personal data of nearly 533 million (53.3 crore) Facebook users, including 61 lakh Indians, were leaked online after a hacker posted the details on a digital forum.
The leaked data included Facebook ID numbers, profile names, email addresses, location information, gender details, job data, and other details.
Facebook said the data was old.
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” a Facebook spokesperson had said in a statement.