The last few months have seen a major data leakage in India from known online portals including Mobikwik, Big Basket, etc. Today, 13 TB Domino’s India data is on sale on the dark web. This data includes sensitive information including credit card details, home addresses, mobile numbers, and user names. Last month, an Israel-based security expert informed about this data leakage but now it is available on the dark web for sale.
Details About Domino’s Leaked Data
Last month, Israel-based Co-Founder and Chief Technology Officer of cybercrime intelligence firm Hudson Rock, Alon Gal revealed that leaked Domino’s India data is worth 13 terabytes(TB). He further added that the data has 18 crore users’ order details that include 1 million credit card data. It also includes 250 employees’ sensitive information.
Initially, the hacker was asking $550,000 for the data, as stated by Gal. Now, the data is available on a search portal created by the threat actor. Cybersecurity researcher Rajshekhar Rajaharia confirmed this news via his Twitter handle.
Again!! Data of 18 Crore orders of #Domino's India have become public. Hacker created a search engine on Dark Web. If you have ever ordered @dominos_india online, your data might be leaked. Data include Name, Email, Mobile, GPS Location etc. #InfoSec #GDPR #DataLeak @fs0c131y pic.twitter.com/wIwL5ct6hX
— Rajshekhar Rajaharia (@rajaharia) May 21, 2021
Earlier when there was news of data leakage, Jubilant FoodWorks, the parent company of Domino’s India, accepted that the firm recorded a security breach but they denied any financial information leakage.
Last month, Jubilant FoodWorks Spokesperson said:
“Jubilant FoodWorks experienced an information security incident recently. No data about financial information of any person was accessed and the incident has not resulted in any operational or business impact.”
Spokesperson further added
“As a policy, we do not store financial details or credit card data of our customers, thus, no such information has been compromised. Our team of experts is investigating the matter and we have taken necessary actions to contain the incident.”
Since the data is available on the dark web and people confirmed it by searching specific details, Company’s last month’s claim looks fake.
Current Status of Domino’s Leaked Data
Rajshekhar Rajaharia, the cybersecurity researcher, is the person who alerted the users about MobiKwik data leakage as well. Current data leakage Domino’s is not only a financial issue but a major security concern as well.
Talking about the security concern related to current data leakage, he said:
“The worst part of this alleged breach is that people are using this data to spy on people. Anybody can easily search any mobile number and can check a person’s past locations with date and time. This seems like a real threat to our privacy.”
As per the latest claims, the data has been sold out for two to eight bitcoins with a 50 bitcoin ransom for the company to block the sale of its data.
As per the reports, he is the same hacker who earlier took Mobikwik data and put it on the dark web. He is mostly targeting the Indian Startups for hacking sensitive information.
Surprisingly, no action has been taken against these firms that could not secure users’ data. Indian Government doesn’t look interested in data security that is why Personal Data Protection Bill is pending in parliament since 2019.
Comparing the Indian data security issue with worldwide data security attacks, Sundar N Balasubramanian, managing director-India, and Saarc, Check Point Software Technologies said:
“Domino’s India joins a string of hacking incidents involving Indian firms in the recent past, including BigBasket, BuyUcoin, JusPay, Upstox, and others. There needs to be an increased focus on cybersecurity. Based on our research, on average, an organization in India has been attacked 1,681 times a week in the past six months. This is 2.5x higher than the global average of 667 attacks internationally.”