“Payment details and employee files will be made publicsoon...”, claims the publicly available interface for the breached data.
Domino’s Pizza brand, run by Jubilant Foodworks Limited inIndia has had its data breached and made public. Details of orders made onDomino’s online using app or website are available for search by anyone.
The data is authentic and currently exposes full name, fulladdress, GPS coordinates of the delivery location, email address, mobilenumber.
The public interface created by those who have provided thisaccess claim that financial details like credit card, debit card, etc are alsoavailable but the company denies any possibility of this since they claim thatfinancial data is never processed or saved on Domino’s Pizza computers.
Further, the hackers are offering the entire data dump, 13 terabytesof purportedly authentic employee and customer details, for sale to anyone whois willing to talk to them via email mentioned on their public-facing searchengine of the breached data.
This search engine also reveals that the page has beenviewed about 4.5 lakh times and about 3 crore searches have been made on thedatabase.
The news of this data breach was broken by a Rajasthan basedEntrepreneur and Internet Security Researcher, Rajshekhar Rajaharia around 11pm on May 21.
The company, Jubilant Foodworks, accepts that a breach hasbeen made and the mentioned data has been stolen. However, the company claimedthat financial data was not stolen, and that this incident has not resulted inany operational or business impact.
The search engine is available for searching any mobile number, email, address, or name at https://slf2rrahypck3bwckpdohsnhpeqrb3nhvwznjmarmweofwnptowe4mad.onion.ly/?s=08