Domino's India Data Breach: Mobile Numbers, Address Of 18 Crore Orders Leaked
The massive data breach of the popular pizza chain Dominos that occurred a few months ago involving over 18 crore Indian citizens has now been made public.
This data breach has exposed a ton of personal customer information, including email IDs as well as exact GPS coordinates.
The leak was originally revealed by Alon Gal, CTO of cybersecurity firm Hudson Rock, who had first revealed in April that user data of Dominos customers was allegedly sold on the Dark Web for Rs 4 crore. According to cybersecurity experts in a conversation with TOI, the leak is linked with the breach in the servers of Dominos that was highlighted in April.
The news of the data being made public was highlighted by cybersecurity researcher Rajshekhar Rajaharia on his Twitter handle where he exclaimed that the data could be used to spy on people.
Again!! Data of 18 Crore orders of #Domino's India have become public. Hacker created a search engine on Dark Web. If you have ever ordered @dominos_india online, your data might be leaked. Data include Name, Email, Mobile, GPS Location etc. #InfoSec #GDPR #DataLeak @fs0c131y pic.twitter.com/wIwL5ct6hX
— Rajshekhar Rajaharia (@rajaharia) May 21, 2021
The data, a whopping 13 terabytes in size, was made public by the hacker. It includes the exact address where orders were delivered, along with how much a particular individual spent on the order.
Dominos data leak apparently has telephone nos, addresses and even amount spent till date including last few orders. Matlab hadh hai !!
— Navroop Singh (@NavroopSingh_) May 24, 2021
People on Twitter were truly surprised to see the accuracy of the data.
@dominos_india About the data leak. Anyone can enter the number and get address. This is scary. What action are you taking?@rsprasad @Cyberdost #DigitalIndia #dominosdatabreach pic.twitter.com/3TOYaaYw0I
— Vishal Pati Tiwary (@vishalpatitiwar) May 24, 2021
What's more, the hacker has warned that the payment details and the employee files would also soon be made public.
What's even more surprising is that Dominos hasn't made any kind of formal apology or announcement about the loss of data, or issued any guidelines on how customers could safeguard their accounts going forward.
What about payment info?
Jubilant FoodWorks, the brand that's responsible for Dominos in India, made an official statement in April in which it said that the data breach doesn't include payment information of its users, as it does not store the financial information of customers.
Even Air India experienced a data breach
Even Air India announced a massive data breach involving 45 lakh passengers. The Air India data breach first surfaced roughly three months ago when air transport data giant SITA reported a breach. Air India was first notified about the breach on February 25; however, the nature of the leak was only revealed on March 5 and April 5. Details surrounding the breach, however, only surfaced the past weekend.
The stolen information included the passenger's name, date of birth, contact information, passport information, ticket history information, Star Alliance and Air India frequent flyer data, along with their credit card details. Air India, however, reiterated that CVC and CVV numbers of credit cards were not held by Air India.
The compromised data involved users who had registered with the Indian airline in the past decade, between August 26, 2011, and February 3, 2021.
Next steps highlighted by Air India
Air India has recommended its customers change all account passwords immediately. These include passwords for Debit/Credit cards as well as internet banking passwords. Additionally, it suggests asking the bank to replace the card with a new one, and keeping track of transactions made in the account.
Need for a strong data protection bill in India
In the last six months alone, we've seen a bunch of data breaches, including the one at the MobiKwik payments platform that allegedly saw a data breach affecting 100 million of its users, and the BigBasket breach that involved confidential data of around 20 million customers, to name a few.
What's more important is that the announcement of the breach has been made public months after the companies got to know about it, leaving the customers/users of the platform in the dark and putting their data in more danger by not allowing them to take any security measures.
This calls for more stringent data protection laws that could hold these companies accountable for putting their users in harm's way, due to their negligence and irresponsibility, subjecting the users/customers to more cyberattacks in the future.