Pizza delivery service Domino's India has been the latest main target of a significant cyberattack that leaked the order information of 18 crore pizza purchases made on the platform. Internet Security Expert Rajshekhar Rajaharia was the first to notice the security breach, including 130TB of staff files and user information.
Following a hacking incident at India's largest fast service company, thousands of worried customers took to social media to urge clarity and responsibility from the firm. Rajshekhar Rajaharia had said how he had red-flagged a federal agency about the security breach in March.
The breach's perpetrators have built an illegal online website that allows users to request breached order information when looking for a mobile number or an email address. The information happens to be online today, and everyone can freely check for it. It is no longer necessary to use Onion or Tor-like software.
The data leak affects up to 180 million customers of Jubilant FoodWorks Ltd NSE 1.08 percent's 1,314 Domino's Pizza locations. The compromised data contains over 1 million account information, cell phone numbers, and GPS coordinates, and it has been made public on the dark web.
Hundreds of customers have stated that they are deleting the Domino's app throughout the last two days. Domino's had 51.2 million smartphone installs at the end of December 2020, according to JFL's third-quarter balance statement.
In a tweet, Rajshekhar Rajaharia said, “Again!! Data of 18 Crore orders of #Domino's India have become public. Hacker created a search engine on Dark Web. If you have ever ordered @dominos_india online, your data might be leaked. Data include Name, Email, Mobile, GPS Location, etc.”
“The worst part of this alleged breach is that people are using this data to spy on people. Anyone can easily search any mobile number and check a person's past locations with date and time. This seems like a real threat to our privacy.” he added.
The malware impacted all users who purchased from Dominos India over the mobile via their phone number. Customers who want to see if their contact information or email address was compromised should go to the connection listed input their contact information to see if they were affected.
Moreover, although the link's databases are still operational as of the writing of this article, they could be shut down later to avoid further dissemination of confidential documents.
In an interview, the Head of Customer Success and SE Lead, India & SAARC, Prakash Bell said, “Organisations handling end-user data should be investing more in cybersecurity solutions and practices that will enhance their security posture. In today’s digitalised world, protecting end-customer information is vital.”
