“Payment details and employee files will be made public soon...”, claims the publicly available interface for the breached data.
Domino’s Pizza brand, run by Jubilant Foodworks Limited in India has had its data breached and made public. Details of orders made on Domino’s online using app or website are available for search by anyone.
The data is authentic and currently exposes full name, full address, GPS coordinates of the delivery location, email address, mobile number.
The public interface created by those who have provided this access claim that financial details like credit card, debit card, etc are also available but the company denies any possibility of this since they claim that financial data is never processed or saved on Domino’s Pizza computers.
Further, the hackers are offering the entire data dump, 13 terabytes of purportedly authentic employee and customer details, for sale to anyone who is willing to talk to them via email mentioned on their public-facing search engine of the breached data.
This search engine also reveals that the page has been viewed about 4.5 lakh times and about 3 crore searches have been made on the database.
The news of this data breach was broken by a Rajasthan based Entrepreneur and Internet Security Researcher, Rajshekhar Rajaharia around 11 pm on May 21.
The company, Jubilant Foodworks, accepts that a breach has been made and the mentioned data has been stolen. However, the company claimed that financial data was not stolen, and that this incident has not resulted in any operational or business impact.
The search engine is available for searching any mobile number, email, address, or name at https://slf2rrahypck3bwckpdohsnhpeqrb3nhvwznjmarmweofwnptowe4mad.onion.ly/?s=08