Enter your mobile number and email address. There! You get your list of orders along with details like your GPS coordinates. Domino’s has found itself in yet another data breach incident with around 10 lakh customer details out on this website. 18 Crore Rupees worth of Indian orders data has been released on the dark web through this website.
Hackers on the dark web created a search engine containing 13TB of stored data with over 250 employees the food giant has across the country from the finance, legal and marketing team. A company owned by Jubilant Foodworks, it is spread across India with over 300 outlets.
Rajshekhar Rajaharia, Internet Security Researcher at Cyber and Data Security Summit 2021, posted a screenshot of the website on Twitter cautioning people about the data breach.
Details Revealed, To Worry Or Not!
Claims have been made that the search engine leaks data concerning when the customer placed the order and where it got delivered. The contact details disclosure has taken customers aback. Phone numbers and email addresses of people have been used to detect their locations with coordinates. Speculation says that the search engine contains order details from 2015 onwards. The premise is that the search engine contains order details from 2015 onwards.
However, the most discombobulating query of the situation is the revelation of financial details. In their official statement before the website went public, Domino’s parent company admitted to the breach and mentioned that no financial details were compromised. They also said that they themselves had no business storing their customer’s credit card details.
The Timespan Of The Happenings
The breach is not a recent discovery. Aton Gal from Hudson Rock, a cybersecurity firm, learnt about the 13TB data leakage in early April. The hackers were found selling the data on Dark Web for 2 BTC and made it clear that Domino’s might pay 50 BTC for the data, evidently pointing towards the fact that they had reached out to Jubilant Foodworks.
Aton had declared that the portal contained credit card details as well. Even Rajaharia claims that the threat was made on the 5th of March, but Jubilant Foodworks declined the website disclosing financial information.
Past Data Breaches And How To Be Safe
Domino’s is not the only company victim to privacy threatening and leakage. AirIndia, BigBasket, Flipkart, MobiKwik, MoneyControl and Uptstox were subjected to this brutality of sorts in the recent past.
Claims are that the BigBasket leak was quite similar to the ongoing one that Domino’s is facing. However, better late than never; here are a few points that may help to keep a check on whether your data is breached or not and, if it is, the precautions to overcome the problem:
- Verifying the Breach: Websites like haveibeenpwned.com help you to know whether your data has been breached or not. The site also gives out information on what details have been leaked out in the open.
- Changing Passwords: Changing your password is a must in case of such situations. Even if one of your account details lay open in public, make sure to change passwords of accounts linked and have a similar password to the breached one.
- Use the OTP method: When ordering, instead of using and giving any website access to your pin, a One-time password (OTP) is the best method to go about any online payment. While it remains active for a short period, a new access code is generated every time you order something.
- Turn on two-factor Authentication: To provide an extra security layer, one can keep both: the password and the OTP. Hackers may not be able to access your details with this lifejacket on.