In yet another major data breach, credit card details of about 10-lakh customers of Domino's Pizza are allegedly on sale for over Rs 4 crore on the Dark Web, a cyber-security researcher Alon Gal claimed on Sunday.
A threat actor has claimed to have breached Domino's India database of 13TB size, tweeted Alon Gal, CTO of security firm Hudson Rock.
The threat actor is seeking around $550,000 (about Rs 4 crore) for the database and says it has plans to build a search portal to enable querying the data, Alon Gal claimed in one of his tweets.
"Information includes 180,000,000 order details containing names, phone numbers, emails, addresses, payment details, and a whopping 1,000,000 credit cards," Gal claimed, flagging concerns on “plenty of large-scale Indian breaches lately”.
Threat actor claiming to have hacked Domino's India (@dominos) and stealing 13TB worth of data.Information includes 180,000,000 order details containing names, phone numbers, emails, addresses, payment details, and a whopping 1,000,000 credit cards. pic.twitter.com/1yefKim24A— Alon Gal (Under the Breach) (@UnderTheBreach) April 18, 2021
Domino's India has not yet responded to the claims made in the tweet.
Independent cybersecurity researcher Rajshekhar Rajaharia had alarmed about this alleged hack to the CERT-in (India's national cyber defence agency) on March 5, according to a report by news agency IANS.
"I had alerted CERT-in about a possible Domino's Pizza India hack where the threat actor got data access with details like 200 million orders and personal data of the users too. The hacker, however, did not provide any sample," the report quoted Rajaharia.
Of late, there has been a series of hacking incidents involving Indian firms, including Bigbasket, BuyUcoin, JusPay, Mobikwik, Upstox, and others.
Gal had claimed earlier this month that personal records of nearly 533 million (53.3 crores) Facebook users, including 61 lakh Indians, were leaked online after a hacker posted the details on a digital forum. The hacked data contained Facebook ID numbers, profile names, email addresses, location information, gender details, and job details among others.
Responding to the claim Facebook had said the data was old and it had fixed the issue in August 2019.