Hackers behind Domino’s India alleged data breach have created an online search engine where anyone can search for victims’ data – On the other hand, Domino’s data along with the Air India database has already found buyers.
India is the fifth-largest economy in the world and that means big businesses and large corporations have their presence in the country. Although that is a positive thing for people, it is also a lucrative target for cybercriminals and that is why, lately, India has become the target of large-scale data breaches.
In the latest, Domino’s pizza India and Air India, the flag carrier airline of India have become victims of data breaches risking the personal and financial details of millions of customers and thousands of employees.
Domino’s India Data Breach
On April 16, 2021, as Hackread.com reported, threat actors used a popular hacker forum to claim that they managed to breach the cyberinfrastructure of Domino’s and stole the personal and financial data of millions of customers across the country.
The hackers have now placed all that data just a click away on the internet. They have created a searchable portal where if you enter a phone number or an email address, that person’s order details will appear right in front of them. These details include their:
- Full names
- Phone numbers
- Payment details
- Email addresses
- Delivery addresses
- 1 million credit card data of customers who used Dominos app to shop.
Moreover, this data is entirely publicly accessible and anyone can search it up regardless of their browser as it no longer requires a Tor browser.
This data breach was first identified by Indian security researcher Rajshekhar Rajaharia and he is sharing updates regarding this data breach with Hackread.com regularly.
Needless to say, the website where all the data has been uploaded has been viewed countless times and it goes without saying that anyone who ordered a pizza from Dominos India via a phone call or an email is at risk of being affected by this data breach.
On the other hand, Jubilant Foodworks, the company which owns Domino’s India denied any claims of financial information being a part of the data breach.
“We breached Domino’s India and got 13TB of all internal files of 250 employees from IT, Legal, Finance, Marketing, Operations, etc. We got all customers’ details and 180 million order details (name, phone number, email, delivery address, payment details) and 1M credit cards used to purchase on Dominos app,” states the portal’s main page.
Nevertheless, as seen in the screenshot above, the portal controlled by hackers mentions they will soon release data related to payments and employees.
Data breaches are a reality and taking place every day yet not a single company is alerting its affected users especially in India. As a result, innocent people are being cheated. It’s our right to know if our data is leaked so that we can be aware of future cyber threats, Rajaharia told Hackread.com while discussing Domino’s alleged data breach.
Air India data breach
Air India reported that it initially got the news of the supply chain attack on SITA in February 2021 but did not get the details until 25th March and 5th April. It then confirmed that almost 4.5 million passengers were affected by this data breach and had their personal data exposed.
The stolen information according to Air India’s statement (PDF), included passengers’
- Full names
- Date of birth
- Contact details
- Credit card details
- Ticket information
- Passport information
- Star Alliance, and Air India frequent flyer data.
The company urged all passengers to change their passwords wherever applicable to ensure the safety of their personal data.
If Air India did not inform its customers then they had no clue that there was a data breach. On the other hand, not a single company informs its users if their data or password leaked and they should change their password ASAP to avoid identity theft and other scams that can lead to devastating results, Rajaharia added.
Domino’s database sold to 2 parties
Hackread.com has identified a dark web online marketplace accessible through the Tor browser where threat actors are claiming that Domino’s database has been sold to two parties. At the time of publishing this article; the database was still being sold for $1000.
Air India database sold to 1 party
The bad news for Air India passengers is that threat actors are claiming to have sold its database to one party. At the time of publishing this article; the database was still being sold for $3000.
SITA is a Geneva, Switzerland-headquartered firm providing IT and telecommunication services to the air transport industry. The company claims to serve 90% of the world’s airlines however it declined to reveal the specific data that had been compromised at the time of disclosure in early March, citing an investigation that is still ongoing.
It is worth noting that a few other big names affected by the SITA supply chain attack include:
- Jeju Air
- Cathay Pacific
- Malaysia Airlines
- Singapore Airlines
- Air New Zealand.