THE HACKERS who on Monday pilfered information related to 600,000 Domino's Pizza customers have been suspended from Twitter, and have failed to release the data as threatened.
Domino's Pizza became the latest firm to fall victim to hackers earlier this week, admitting that data about more than 600,000 customers had been pinched.
Topping the recent attack on RSS firm Feedly where hackers demanded ransom to end distributed denial of service (DDoS) attacks, hackers attacked Dominos France and Belgium and demanded €30,000 to prevent the public disclosure of users' details.
Notorious hacker outfit @RexMundi_Anon claimed responsibility for the attack, before its Twitter account was suspended, that saw 592,000 records lifted from Dominos France and 58,000 from the Belgian website. The group said that pilfered data included customer names, phone numbers and email and street addresses, along with passwords - and that they would release the details at 7pm UK time if the ransom was not paid.
The hacking group boasted, "Earlier this week, we hacked our way into the servers of Domino's Pizza France and Belgium, who happen to share the same vulnerable database. And boy, did we find some juicy stuff in there! We downloaded over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones.
"That's over six hundred thousand records, which include the customers' full names, addresses, phone numbers, email addresses, passwords and delivery instructions. (Oh, and their favorite pizza topping as well, because why not)."
The hackers' later added, "If Domino's Pizza doesn't pay us (on Monday) and we publish your data, you have the right to sue them," demanding €30,000 from the pizza purveyor.
However, come 7pm, the hackers had failed to release the data, and at the time of publication, no customer details have been leaked. It's unclear whether Domino's Pizza met the hackers' ransom request, but we have been in touch for further information.
UK Domino's users will be pleased to hear that their details are safe, with a spokesperson saying, "The data hacking is isolated to the Domino’s franchise in France and Belgium, and no customer credit card or financial information was compromised.
"Domino's customers in the UK and Republic of Ireland are not affected by this incident. The security of customer information is very important to us. We regularly test our UK website for penetration as part of the ongoing rigorous checks and continual routine maintenance of our online operations."
David Emm, senior security researcher at Kaspersky, blasted the breach as yet another example of customer data not being properly secured. He said, "Once again we have an example of how customer data, if not adequately secured, can fall into the wrong hands.
"While it's important to try and keep out intruders, it's equally important that organisations secure data that's behind their perimeter defences so that, if those defences are breached, an attacker isn't able to obtain confidential data that can be used to compromise the online identities of its customers.
"The fact that credit card details and other financial data weren’t stolen in this case is good, but the theft of personal information is bad news for customers too. This is especially true of passwords since, sadly, many people use the same passwords for many of (or all) their online accounts."
Domino's has recommended that users change their passwords as soon as possible. µ
It's time for our regular two-step through the Google news
Bug bounty offer: accepted