Database of Domino's India hacked, 10 lakh Credit card data on 'sale' for Rs 4 crore

A cyber security researcher claimed that credit card details of nearly 10-lakh people who purchased online on Domino's Pizza India are allegedly being sold for over Rs 4 crore on the Dark Web. According to Alon Gal, CTO of security firm Hudson Rock, a threat actor has claimed to have hacked Domino's India database worth 13TB.

The threat actor is looking for around $550,000 (approximately Rs 4 crore) for the database and saying they have plans to build a search portal to enable querying the data, Gal claimed. In a tweet he said, "Information includes 180,000,000 order details containing names, phone numbers, emails, addresses, payment details and a whopping 1,000,000 credit cards. Plenty of large-scale Indian breaches lately, this is worrying."

Independent cyber security researcher Rajshekhar Rajaharia said that he had alerted about this possible hack to the CERT-in (India's national cyber defence agency) on March 5. Rajaharia said, "I had alerted CERT-in about a possible Domino's Pizza India hack where the threat actor got data access with details like 200 million orders and personal data of the users too. The hacker, however, did not provide any sample."

Gal earlier this month claimed that personal data of nearly 533 million (53.3 crore) Facebook users, including 61 lakh Indians, were leaked online after a hacker posted the details on a digital forum. The leaked data included Facebook ID numbers, profile names, email addresses, location information, gender details, job data, and other details. Though Facebook said the data was old.

Mr. Sundar N Balasubramanian, Managing Director, Check Point Software Technologies, India & SAARC speaking on the Domino’s (India) database hack, which may have resulted in compromise of 1 million credit card details, e-mail IDs, phone numbers etc. of customers along with over 250 employee details. The hackers are aiming to sell the entire data on Dark web.

“Domino’s India joins a string of hacking incidents involving Indian firms in the recent past, including Bigbasket, BuyUcoin, JusPay, Upstox and others. There needs to be an increased focus on cybersecurity - based on our research, on average, an organization in India has been attacked 1681 times a week in the last 6 months. This is more than 2.5x higher than the global average of 667 attacks globally.

Organizations in India concerned about preventing data loss should consider a solution with the following capabilities:

• Tracks and controls any type or format of sensitive information in motion, such as e-mail, web browsing and file sharing services.

• Educates and alerts end-users on proper data handling without involving IT/security teams, and allows for real-time user remediation.

• Centrally managed across your entire IT infrastructure from a single console. Leverages out-of-the-box best practice policies.”