Members of the Turkish Ajan hacker group recently breached the Indian Web site of Domino’s Pizza and published approximately 37,000 customers’ names, phone numbers, e-mail addresses and plain text passwords.
“The leaked e-mail ids were from top e-mail clients including Hotmail (3,340), Livemail (73), Gmail (13,913) and Yahoo (10,850),” writes Techcircle.in’s Anand Rai.
“Apart from customer details, the leak also contains details from the Dominos India website which might allow administrator access to other domains on the site,” writes MediaNama’s Apurva Chaudhary. “The hacker first posted about the hack on Turkish forum — Turkishajan.com — where they posted that they have uploaded all the account details on Pastebin.com. However, at the time of writing this post, the data uploaded seems to have been pulled down. Domino’s Pizza, Inc., an international pizza delivery corporation headquartered in Michigan, United States, runs its Indian operation through its master franchise, Jubilant FoodWorks.”
“[The] Domino’s India website was hacked using the SQL injection method and remote file inclusion, one of the most common methods for stealing private data from web databases,” writes Business Standard’s Priyanka Joshi. “Through this, the hacker typically tricks the site’s database into revealing data that should be hidden by ‘injecting’ certain commands.”
“As of this writing, the company blog, as well as its Facebook and Twitter channels, remained silent about the intrusion,” TechTree.com reports. “This will only make matters worse, as the first thing the [company] needs to do in order to restore public confidence in its system is to explain to its customers what exactly happened and the steps it will take to prevent future occurrences.”