Dominos Database Hack: 18Cr User Details Are Sold On The Dark Web


A hacker had claimed to have stolen 13TB sized data from the database of Dominos India. He claimed to have put the personal information of 250 employees for sale on the dark web and put 18 crores of order details in jeopardy.

Alon Gal had shared the recent data breach on Dominos. Alon took to Twitter on the issue and claimed to be the co-founder and CTO of a cybercrime intelligence firm named “Hudson Rock”. Gal discovered that the alleged hacker had been selling the Dominos stolen database on the dark web for around 2-8 Bitcoins (BTC). The data had allegedly contained the customer’s names, email IDs, phone numbers, payment card details and addresses.

On the dark web market, the threat actor had reportedly written that if Dominos India wanted to prohibit the database from getting sold, they would have to pay a ransom of 50 Bitcoins ($2759698.23 at the time of writing). However, the hacker has ultimately denied sharing samples of the stolen personal data with the cybersecurity researchers. This indicates that the claims based on the stolen data, its size and the contents are merely allegations at this point. 

While responding to the alleged data breach, a spokesperson from Dominos India had mentioned that the company had detected an incident of “Information Security”. However, the financial information of the users had not been compromised. 

“The incident has not resulted in any operational or business impact. As a policy we do not store financial details or credit card data of our customers, thus no such information has been compromised. Our team of experts is investigating the matter and we have taken the necessary actions to contain the incident,” the spokesperson said. 

Image: News18

One of the notable incidents – The Reserve Bank of India (RBI) had been alarmed in February by the state of the recent data breaches that had affected the startups and the payment processors. New guidelines had been issued that stated that the payment aggregators and the gateways will not be further permitted to store the payment card details online after receiving them from the customers. This means that for making the online payments, the customers would be required to feed the card details each time they are transacting online. The RBI-made decision had been announced a few weeks following a data breach of the affected payments processor JusPay. The data hack had led to the leakage of over ten crore users data. 

As per the leaked database screenshots that Gal shared on Twitter, the hacked Dominos database was between the period 2015-2021. Although, this remains is still unverified. The hacker is also looking to create a search portal for the data, which would resemble the ones made by the Mobikwik hackers. 

The Network-18 owned finance portal, Moneycontrol, had also suffered a massive data breach where supposedly 7 lakh users had been affected. Few days prior to these, the online discount brokerage platform, Upstox, had also suffered a data hack that had allegedly compromised the personal information of 2.5 million users. In the last month, the Fintech startup Mobikwik had denied claims regarding a data breach that had impacted 100 million users. In the recent week, data breaches on the major tech giants such as LinkedIn and Facebook had also made striking headlines. 

IBM’s “Cost of a Data Breach Report 2020” mentions that the Indian firms had witnessed an average of 42 million total costs of data leak in 2020. This represents an increase of 96.4% from 2019. The statistics show that over 26,100 Indian websites had been affected by data breach last year. The statistics have been revealed by the state-owned Indian Computer Emergency Response Team (CERT-In).

Source: Inc42

Disclaimer: Read the complete disclaimer here.


Please enter your comment!
Please enter your name here