Hackers who claim to have cracked a Domino’s Pizza database say they have stolen the details of more than 650,000 dough-loving customers.
The hacker group, going by the name of Rex Mundi, says the data will be released later today if the pizza chain fails to pay a ransom of €30,000 ($40,590, £23,930).
In a post on dpaste.de, the group said it had gained access to a customer database shared between Domino’s France and Domino’s Belgium which contains passwords and personal data belonging to customers who had previously registered for home deliveries:
Dear friends and foes,
Earlier this week, we hacked our way into the servers of Domino's Pizza France and Belgium, who happen to share the same vulnerable database. And boy, did we find some juicy stuff in there! We downloaded over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones. That's over six hundred thousand records, which include the customers' full names, addresses, phone numbers, email addresses, passwords and delivery instructions. (Oh, and their favorite pizza topping as well, because why not).
Rex Mundi gave a deadline of 8pm CET (7pm BST) for Domino’s to pay up, claiming that failure to do so would result in the posting of “the entirety of the data in our possession on the internet.”
The hacking group also publicised its attack on Twitter (account now appear to be suspended), along with a message to the pizza chain’s customers advising them to sue if Domino’s failed to pay up.
To prove they have the database in their possession, the hackers published the names, addresses, telephone numbers, email addresses and passwords of three customers from each of the two country sites.
And, if Domino’s requires further proof that the group is serious, it need look no further than Americash Advance. In 2012 Rex Mundi published thousands of customer records after the payday lender chose not to hand over a $20,000 “idiot tax“.
Then, earlier this year, the group tried to extort $20,000 from Belgian hosting provider AlfaNet after stealing customer records.
Belgian newspaper De Standaard reports that Domino’s spokesperson André ten Wolde said the company has contacted all affected customers and that no credit card information has been compromised.
Domino’s France has, however, released a series of tweets in which it explains that it has fallen victim to professional hackers who will likely be able to decrypt customers’ passwords.
With that in mind, we would urge Domino’s customers to change their passwords immediately.
Choose something strong, making sure it consists of at least 14 characters and uses a combination of upper and lower case letters, numbers and special characters.
And always, always, always use a different password for each site you use. (If you struggle to remember them all you can use a password manager.)
When hackers steal login information from one site, they often try the same combinations against other sites. If each password is unique, they won’t be able to access any of your other online accounts.