Members of the Turkish Ajan hacker group recently breached the Domino's Pizza website in India, capturing and publishing around 37,000 customers' names, phone numbers, email addresses and passwords.
The Domino's website was attacked using SQL injection and remote file inclusion. The incursion was limited to the "Wow Club" page on the brand's website, rather than the individual franchise ordering pages, which would have exposed credit card data. Wow Club gives members coupons and other offers as part of a loyalty program for online fans.
These types of stolen and published repositories are gold mines for cyber thieves, who often cross-reference passwords and emails for seemingly non-sensitive accounts with information they may have for sites with the potential to wreak consumer havoc, like online banking.
The hackers first posted about the attack on a Turkish forum, Turkishajan.com, boasting that the account details had been uploaded on Pastebin.com. Domino's IT partner Jubilant FoodWorks said that it immediately took steps to remove the data from the public domain. "They had posted the data on few blog sites which we have got blocked now," the company noted. Those details, indeed, now appear to have been taken down.
"This is a very unfortunate event which has happened despite the security ecosystem that we have created around our online assets," Jubilant said, noting that it has improved its security, monitoring and audits to avoid any such incident in future.
Cybercrime in India is on the rise, with 66% of Indian online adults having been victims of cybercrime in their lifetime, according to the just-released Norton Cybercrime Report 2012. In the past 12 months, 56% of online adults in India have experienced cybercrime: that’s more than 115,000 victims of cybercrimes every day, 80 victims per minute and more than one per second – and the average direct financial cost per victim is $192, up 18% over 2011 (when it was $163).
The Domino's breach is not the first high-profile hack in India this year: Microsoft India's online store was attacked in February by alleged Chinese hackers.