Domino’s India Data Breach: 18 Cr User Records Being Sold On The Dark Web

Domino’s India Data Breach: 18 Cr User Records Being Sold On The Dark Web

SUMMARY

News about the data leak was shared on Twitter by Alon Gal, who claims to be the cofounder and CTO of cybercrime intelligence firm Hudson Rock

Gal found the hacker selling the database on the dark web for around two to eight bitcoins

The data allegedly contains customers’ names, phone numbers, email IDs, addresses and payment card details

A threat actor has claimed to have stolen data sized 13 TB from Domino’s India’s database, putting the personal information of 250 employees across functions, as well as 18 Cr order details in jeopardy. 

News about the data leak was shared on Twitter by Alon Gal, cofounder and CTO of cybercrime intelligence firm Hudson Rock. Gal found the database being sold on the dark web for around two to eight bitcoins. On the dark web marketplace, the hacker reportedly wrote that if Domino’s India wants to prevent the database from being sold, it would have to pay the hacker 50 bitcoins as ransom. 

The database includes customers’ personal details which they are required to provide to Domino’s India while placing an order. These include names, phone numbers, email IDs, addresses and payment card details. However, the hacker has denied sharing any sample of the stolen data with cybersecurity researchers, which means that claims about the stolen data, its size and contents are just allegations at this point in time. 

Responding to the data breach allegations, a Domino’s India spokesperson told Inc42 that while the company had detected an ‘information security’ incident recently, no financial information of users had been compromised. 

“The incident has not resulted in any operational or business impact. As a policy we do not store financial details or credit card data of our customers, thus no such information has been compromised. Our team of experts is investigating the matter and we have taken the necessary actions to contain the incident,” the spokesperson said. 

It is worth noting that in February, the Reserve Bank of India (RBI), alarmed by the state of data breaches affecting Indian startups and payments processors, issued new guidelines which stated that payment aggregators and gateways would not be allowed to store the card details of a customer online. This has meant that for making online payments, Indian customers have to feed their card details each time. The RBI’s decision came a few weeks after a data breach affecting payments processor Juspay led to over 10 Cr user records being leaked online.

According to screenshots of the leaked database shared by Gal on Twitter, the data stolen from Domino’s India’s database is from the period between 2015-21, although this remains unverified. The threat actor is also looking to build a search portal for the data, similar to the one built by Mobikwik hackers. 

Last week, Network18-owned finance portal Moneycontrol also suffered an alleged data breach, one that supposedly affected 7 lakh users. Days before, online discount broking platform Upstox suffered a data breach that allegedly affected 2.5 Mn users. And last month, fintech startup Mobikwik denied claims about a data breach impacting 100 Mn users. Data breaches that affected global tech giants Facebook and LinkedIn have also made the news in recent weeks. 

A report by IBM’s ‘Cost of a Data Breach Report 2020’ states that Indian companies witnessed an average $2 Mn total cost of a data breach in 2020, representing an increase of 9.4% from 2019.  A total of over 26,100 Indian websites were hacked last year as per the data recorded by the state-owned Indian Computer Emergency Response Team (CERT-In).

Step up your startup journey with BHASKAR! From resources to networking, BHASKAR connects Indian innovators with everything they need to succeed. Join today to access a platform built for innovation, growth, and community.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Domino’s India Data Breach: 18 Cr User Records Being Sold On The Dark Web-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Domino’s India Data Breach: 18 Cr User Records Being Sold On The Dark Web-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Domino’s India Data Breach: 18 Cr User Records Being Sold On The Dark Web-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Domino’s India Data Breach: 18 Cr User Records Being Sold On The Dark Web-Inc42 Media
Domino’s India Data Breach: 18 Cr User Records Being Sold On The Dark Web-Inc42 Media
You’re in Good company