Ever ordered from Dominos’s online? A hacker is selling your payment details on the dark web!

Names, phone numbers, email IDs, delivery addresss, and payment details of Domino's India customers are being sold on the dark web.

Highlights
  • A hacker is said to have information from 180 million orders, including customer phone numbers and payment details
  • The hacker is selling credit card details of 1 million Domino’s India customers
  • The data is being sold for an asking price of 10 bitcoins (about Rs 4.25 crores)

If you have ordered your food from Domino’s India online website or app, your personal data might be compromised. According to Alon Gal, CTO of cybersecurity firm Hudson Rock, a hacker on the dark web is claiming to have hacked Domino’s India and stealing 13TB of data. Allegedly, the hack happened in early April and contains the data of both Domino’s India customers and 250 of its employees. The hacker is selling data on the dark web for 10 bitcoins, which as per the current rate, comes out to roughly Rs 4.25 crores.

According to the hacker’s post on the dark web, he has collected data on 180 million past orders, containing names, phone numbers, email IDs, delivery addresss, payment details, and details of 1 million credit cards used by customers. Apart from customer details, the hackers also obtained internal files of 250 employees, all internal files from 2015-2021, and Outlook mail archives. The post further states that the hackers are planning to create a search portal that will enable the querying of the data.

For those who don’t know, Domino’s India is a subsidiarily of Domino’s Pizza and is owned by foodservice company Jubilant Foodworks. The franchise runs a network of 1,341 restaurants in 285 cities in India. If this alleged hack is true, this is a serious breach of personal data for Domino’s India customers. Domino’s India has not commented on this news and has neither confirmed nor denied the hack. We will update the article once the company gives any official response. 

That said, Independent cybersecurity researcher Rajshekhar Rajaharia has corroborated the story. According to his statement to IANS


“I had alerted CERT-in about a possible Domino’s Pizza India hack where the threat actor got data access with details like 200 million orders and personal data of the users too. The hacker, however, did not provide any sample,” Rajaharia said.

Dominos’s India is not the first Indian company to be targeted by hackers. Last month, we learned about the MobiKwik hack that exposed the details of its 10 crores users. Before this, the BigBasket data breach exposed the details of 2 crore users. These hacks pose a big threat to Indian consumers. We need to improve our cybersecurity infrastructure to thwart any such attacks in the future.

Meanwhile, if you ordered online from Dominos’s India, make sure to change your password. If you are reusing the same password anywhere else (which you shouldn’t do), change your password in those places too. Also, take precautions to secure your credit card by changing PIN and blocking international transactions for now.