The data of 18 crore customers of Domino’s Pizza was allegedly leaked by a hacker, cybersecurity expert Rajshekhar Rajaharia had said. While he had earlier said that the data leaked included the name of the person, their email, phone number, address etc. He now added that the leaked data has been made public via a search engine created by the hacker.
In a tweet on Sunday, he posted the link to the platform created by the hacker, which he termed as a public search engine. “BeWare!! Alleged #Domino's India Hacker now created a public search engine. It is our right to know, if our data leaked. Ask Domino's to inform affected users. You can check here if your data is leaked or not,” he tweeted. He further said that the leaked data could be used to spy on someone’s past locations, as well as make them a target of email spamming and unwanted calls and SMS.
It is said that 13 terabytes of employee files and customer details have been leaked, and if one inputs their phone number or email in the search engine, it shows the linked email, total number of orders placed, amount spent, as well as various addresses the orders may have been delivered to. The hacker’s site claims that payment details and employee files will be made public soon.
BeWare!! Alleged #Domino's India Hacker now created a public search engine. It is our right to know, if our data leaked. Ask Domino's to inform affected users. You can check here if your data is leaked or not.https://t.co/lYyvQk8dGY #InfoSec #Dominos #DataLeak #DataBreach #GDPR pic.twitter.com/3JPTHBVt1I
— Rajshekhar Rajaharia (@rajaharia) May 23, 2021
Prior to the link of the search engine being made public, Domino’s parent company Jubilant FoodWorks had admitted to the breach but stated that financial information remains safe. It is important to note that Domino's has not informed customers who have been affected due to the data breach.
“The worst part of this alleged breach is that people are using this data to spy on people. Anybody can easily search any mobile number and can check a person's past locations with date and time. This seems like a real threat to our privacy,” Rajaharia earlier said.
"Jubilant FoodWorks experienced an information security incident recently. No data pertaining to the financial information of any person was accessed and the incident has not resulted in any operational or business impact. As a policy we do not store financial details or credit card data of our customers, thus no such information has been compromised. Our team of experts is investigating the matter and we have taken necessary actions to contain the incident," the company had said in a statement.
This first came to light in April, when Alon Gal, CTO of security firm Hudson Rock had said that a threat actor hacked Domino's India database worth 13TB.
“Information includes 180,000,000 order details containing names, phone numbers, emails, addresses, payment details, and a whopping 1,000,000 credit cards,” Gal had said at the time.
He added that the threat actor is looking for around $550,000 for the database and that they have plans to build a search portal “to enable querying the data”.
Rajaharia told IANS that he had alerted India’s nodal cybersecurity agency CERT-in on March 5. At the time too, Jubilant said their team of experts was investigating the matter, and that the matter of financial data being leaked was “totally incorrect”.
As cybersecurity and data breach incidents are on the rise, it is important to keep your financial and personal information safe. Be cautious while sharing personal details on social media and avoid sharing contact details online.
If you are worried that your data has been compromised there are websites such as ‘Have I Been Pwned?’ (haveibeenpwned.com) where you can enter your email ID or phone number and check if your information has been leaked previously.