All you need to know about the 13 TB breach


On April 16, 2021, hackers announced on an infamous hackers’ forum that they had gained access to the Domino’s India servers and downloaded 13 TB of data containing employee and customer data. The threat actors also claimed to have obtained the information of over one million credit cards used to place orders on the application.

Sample data search result

In the initial post on the forum, the hackers wrote, “We breached Domino’s India and got 13TB all internal files of 250 employees from IT, Legal, Finance, Marketing, Operations etc. We got all customers details, and 180M order details (name, ph number, email, delivery address, payment details) and 1M credit cards used to purchase on Dominos app. Internal files contain all files from 2015-2021 and lots of outlook mail archives. Breach – April 2021.”

When we further examined the thread, it was easier to create a timeline of the events.

On April 16, hackers announced that they breached Domino’s servers.

Hackers’ post detailing the breach

On April 17, they mentioned in the comments that they were looking for 10 BTC (Bitcoin) for the data. At that time, they had an offer of 2 BTC in hand. As they had mentioned that Domino’s might pay them 50 BTC, it was clear that they had contacted Jubilant Foodworks, the parent company of Domino’s. The hackers also said that they were planning to build a search engine, as another hackers’ group did in the case of MobiKwik. Notably, the hackers were ready to pay $1000 to someone who could help them create the search engine.

Hackers mentioned they were looking for 10 BTC for the data. Also hinted they were in contact with Domino’s parent company

On April 18, security experts published details of the breach on social media platforms.

On April 19, news agencies started to pick up the news, and several reports popped up on different news portals.

News portals started to pick up news on April 19

On April 19, Jubilant Foodworks issued a statement and said, “Jubilant Foodworks experienced an information security incident recently. No data pertaining to the financial information of any person was accessed, and the incident has not resulted in any operational or business impact. As a policy, we do not store financial details or credit card data of our customers, thus no such information has been compromised.”

On April 21, the hackers announced that their search engine was ready, and they were uploading the data.

Hackers announced they are uploading database on search engine

On May 20, they finally announced the dark web link to the search engine.

Hackers announce search engine on dark web

Experts’ opinion on the breach

Jubilant Foodworks does not seem to have taken any step to keep the data from getting into the hands of scammers, even though the data has the potential to cause serious privacy concerns. The problem is that customers share a great deal of personal information with companies like Domino’s, and that information can potentially cause financial or even physical harm. Even those who tend not to share their address with anyone are searchable with only a phone number.

Independent Security Researcher Sourajeet Majumder published a thread on Twitter explaining the breach. He said that he was able to see all the personal details on the search engine. He said, “On using the search portal made by the threat actor, I was able to find my phone number/email, all delivery addresses, delivery amount and order time & date.”

When OpIndia talked to Sunny Nehra, Admin at Hacks And Security, about the Domino’s data breach, he said, “It has become such a common practice first to have flimsy security and then claim there is no privacy concern. If such companies do not start taking such breaches seriously, they will lose trust among the customers.”

Alon Gal, Co-Founder & CTO, Hudson Rock, had shared the information about the breach in April. He wrote, “Threat actor claiming to have hacked Domino’s India and stealing 13TB worth of data. Information includes 180,000,000 order details containing names, phone numbers, emails, addresses, payment details, and a whopping 1,000,000 credit cards.”

“Plenty of large scale Indian breaches lately, this is worrying,” he had added.

We have hidden the information of the hacker, the dark web link and other identification markers.




