- Jan 24, 2011
- 9,378
Hackers who claim to have cracked a Domino's Pizza database say they have stolen the details of more than 650,000 dough-loving customers.
The hacker group, going by the name of Rex Mundi, says the data will be released later today if the pizza chain fails to pay a ransom of €30,000 ($40,590, £23,930).
In a post on dpaste.de, the group said it had gained access to a customer database shared between Domino's France and Domino's Belgium which contains passwords and personal data belonging to customers who had previously registered for home deliveries:
Dear friends and foes,
Earlier this week, we hacked our way into the servers of Domino's Pizza France and Belgium, who happen to share the same vulnerable database. And boy, did we find some juicy stuff in there! We downloaded over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones. That's over six hundred thousand records, which include the customers' full names, addresses, phone numbers, email addresses, passwords and delivery instructions. (Oh, and their favorite pizza topping as well, because why not).
Rex Mundi gave a deadline of 8pm CET (7pm BST) for Domino's to pay up, claiming that failure to do so would result in the posting of "the entirety of the data in our possession on the internet."
The hacking group also publicised its attack on Twitter (account now appear to be suspended), along with a message to the pizza chain's customers advising them to sue if Domino's failed to pay up.
To prove they have the database in their possession, the hackers published the names, addresses, telephone numbers, email addresses and passwords of three customers from each of the two country sites.
And, if Domino's requires further proof that the group is serious, it need look no further than Americash Advance. In 2012 Rex Mundi published thousands of customer records after the payday lender chose not to hand over a $20,000 "idiot tax".
Read more: http://nakedsecurity.sophos.com/2014/06/16/dominos-pizza-hacked-customer-database-held-to-ransom/
The hacker group, going by the name of Rex Mundi, says the data will be released later today if the pizza chain fails to pay a ransom of €30,000 ($40,590, £23,930).
In a post on dpaste.de, the group said it had gained access to a customer database shared between Domino's France and Domino's Belgium which contains passwords and personal data belonging to customers who had previously registered for home deliveries:
Dear friends and foes,
Earlier this week, we hacked our way into the servers of Domino's Pizza France and Belgium, who happen to share the same vulnerable database. And boy, did we find some juicy stuff in there! We downloaded over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones. That's over six hundred thousand records, which include the customers' full names, addresses, phone numbers, email addresses, passwords and delivery instructions. (Oh, and their favorite pizza topping as well, because why not).
Rex Mundi gave a deadline of 8pm CET (7pm BST) for Domino's to pay up, claiming that failure to do so would result in the posting of "the entirety of the data in our possession on the internet."
The hacking group also publicised its attack on Twitter (account now appear to be suspended), along with a message to the pizza chain's customers advising them to sue if Domino's failed to pay up.
To prove they have the database in their possession, the hackers published the names, addresses, telephone numbers, email addresses and passwords of three customers from each of the two country sites.
And, if Domino's requires further proof that the group is serious, it need look no further than Americash Advance. In 2012 Rex Mundi published thousands of customer records after the payday lender chose not to hand over a $20,000 "idiot tax".
Read more: http://nakedsecurity.sophos.com/2014/06/16/dominos-pizza-hacked-customer-database-held-to-ransom/