Hackers demand £24,000 from Domino’s Pizza in return for stolen passwords and email addresses
- Criminals claim to have stolen details from users in France and Belgium
- Hacking group Rex Mundi has taken responsibility for the attack
- It is demanding €30,000 (£23,892) for the return of the 650,000 passwords
- Other details include email and home addresses and phone numbers
- The group will publish the details online if it isn’t paid by 7pm (BST) tonight
Hackers are holding Domino’s Pizza to ransom after stealing more than 650,000 passwords from its customers in France and Belgium.
The group, known as Rex Mundi, said in a post to dpaste.de it had gained access to a vulnerable customer database shared by the pizza firm’s European headquarters.
It is now demanding €30,000 (£23,890) from the company by 8pm CEST (7pm BST) tonight or it will begin publishing the details online.
Hackers Rex Mundi claim to have stolen the passwords of 650,000 Domino’s Pizza customers in France and Belgium, and are threatening to publish them if a €30,000 (£23,892) ransom is not paid
HACKER DEMANDS AND CONSEQUENCES
- Hacking group Rex Mundi is threatening to publish the details of 650,000 Domino’s customers if a ransom of €30,000 (£23,892) isn’t paid by 8pm CEST (7pm BST).
- If the threat is carried out, French and Belgian customers’ names, addresses, phone numbers, email addresses, passwords and other information will be posted online.
- Customers could potentially take legal action against the pizza chain if this happens, the hackers said.
- Domino’s said it would not be paying the ransom.
- Customers have been advised by Domino’s to change their passwords ‘as a security measure’.
It claims to have downloaded more than 592,000 customer records, including passwords from French customers, and over 58,000 records from Belgian ones.
Other stolen details include customers’ full names, addresses, phone numbers, email addresses, passwords and delivery instructions.
The group even admitted to stealing details of the customer’s favourite pizza topping.
Rex Mundi also took to Twitter to publicise the alleged hack and advised customers to speak to their lawyers.
In a message, Rex Mundi said: ‘Earlier this week, we hacked our way into the servers of Domino’s Pizza France and Belgium, who happen to share the same vulnerable database.
‘And boy, did we find some juicy stuff in there! We downloaded over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones.’
Domino’s France issued a statement on Twitter saying that although its data is encrypted, it has fallen victim to ‘professionals’ who were able to ‘decode the cryptographic system for the passwords’.
Domino’s Pizza executive Andre ten Wolde then told a Dutch newspaper that the ransom demand would not be paid, and stressed that financial data had not been compromised.
Customers of the pizza company are being advised to change their passwords ‘as a security measure’. The breach has also been reported to French police.
Rex Mundi has given a deadline of 8pm CEST tonight (7pm BST) for Domino’s to pay up, or the group ‘will post the entirety of the data in [its] possession on the internet’.
A spokesman for Domino’s Pizza Group said: ‘The data hacking is isolated to the Domino’s franchise in France and Belgium, and no customer credit card or financial information was compromised.
‘Domino’s customers in the UK and Republic of Ireland are not affected by this incident.
‘The security of customer information is very important to us. We regularly test our UK website for penetration as part of the ongoing rigorous checks and continual routine maintenance of our online operations.’
Jason Hart, VP Cloud Solutions at SafeNet, said: ‘The latest breach continues to raise public awareness of the need for encryption – not just of financial data, but also wider customer information… breaches will happen and you can’t stop them. The issue is – are you able to protect your sensitive data when a breach happens?’
‘The fact that financial information was not compromised minimises the severity of the breach. But given the increasing number of data breaches we’re seeing, it’s clear that companies need to start thinking about encrypting more than just financial data. If not they run the risk of losing customers to those competitors that do.’
Despite the lack of financial details, the company has said that the Domino’s breach is still ‘severe’.
David Emm, senior security researcher at Kaspersky Lab, said: ‘The fact that credit card details and other financial data weren’t stolen in this case is good, but the theft of personal information is bad news for customers too.
‘This is especially true of passwords since, sadly, many people use the same passwords for many of (or all) their online accounts.’
Read more: http://www.dailymail.co.uk/