Hackers hold Domino’s Pizza to ransom
Hackers claim to have swiped the passwords of 650,000 Domino’s Pizza customers in France and Belgium, threatening to publish them if €30,000 (£23,892) ransom is not paid.
The group, known as Rex Mundi, said in a post to dpaste.de it had gained access to a vulnerable customer database shared by Domino’s France and Domino’s Belgium.
“We downloaded over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones … [including] the customers’ full names, addresses, phone numbers, email addresses, passwords and delivery instructions. (Oh, and their favorite pizza topping as well, because why not),” they said.
Rex Mundi gave a deadline of 8pm CET tonight (7pm BST) for Dominos to pay up, or the group “will post the entirety of the data in [its] possession on the internet”.
The group also took to Twitter to publicise the alleged hack and advise French customers to speak to their lawyers.
Domino’s France issued a statement through its own Twitter account saying that while it does encrypt all commercial data, the hackers it has “fallen victim to are professionals … [so] it is probable they will have been able to decode the cryptographic system for the passwords”.
Customers are therefore recommended to change their passwords “as a security measure”. The breach has also been reported to French police.
Rex Mundi has carried out similar blackmail and extortion attacks before.
In 2012, the group published the records of thousands of applicants to payday loan provider AmeriCash Advance, after the company refused to stump up $20,000.
More recently, it published the names of 12,000 customers of Belgian hosting firm Alfanet.
Last week, web reader service Feedly was taken offline by a distributed-denial-of-service attack after it refused to pay a ransom.