News - Domino's Pizza has been hacked and is held to ransom for €30,000

[HEXUS]

Hackers threaten to release data of over 600,000 customers from France and Belgium.

Read more.

[crossy]

I think I must be missing something here - specifically why is this a serious issue? As far as I can see, the possibility of password reuse is the biggest problem - and that's easily fixed.

As to the rest, so they publish your name, address, and that you like the large "Pepperoni Passion" with BBQ Stuffed Crust? (Oops, just gave away my preference) Not exactly Heartbleed...

Hopefully les flics will catch them and I'd vote for a set of stocks in the town square.

Meanwhile, I'd hope Domino's IT department are busy getting their excrement together.

[peterb]

"Earlier this week, we hacked our way into the servers of Domino's Pizza France and Belgium, who happen to share the same vulnerable database," wrote Rex Mundi on 13th June. "And boy, did we find some juicy stuff in there!"

Probably the juiciest thing you would find in any chain pizza place! Why would you want to register an account for a take away pizza?

That aside, I suppose it is (yet another) wake up call to any business to ensure the security of its customer and corporate databases.

[Morthawt]

Unfortunately this does not surprise me. I would bet things like this are going to get worse. There have been many infiltrations over the past 3 years or so and even big companies/organizations have been hacked. I think the key is training people to be safer with how they use the computers. I bet most of these "hacks" are spear fishing attacks where they send a malicious email to an employee who opens an attachment thinking it is from their boss and BOOM 2 weeks later we hear this company gets hacked and all the details about it.

I wish companies would really train their people better on protocols for such things. Technology has gotten quite advanced, it cannot be easy for someone to physically hack from outside to inside. That is why these "hackers" resort to social engineering techniques and NLP to "con" people into doing something that will compromise the security from the inside out.

[Arthran]

I used to work in the IT department at Dominos UK. The data they would likely get from this would be purely names, addresses, contact numbers and possibly order history. The financial data is seperated completely. I cant speak for how the French team have things set up, but if its anything like the UK, its really not much more data than you can get from the bloody phone book...

[kalniel]

Probably the juiciest thing you would find in any chain pizza place! Why would you want to register an account for a take away pizza?

While I'm not sure it's the case here, often to get a discount code for a meal you have to supply your details. That's bad enough, but if they can't then keep these details secure they should be wrapped on the knuckles.

That aside, I suppose it is (yet another) wake up call to any business to ensure the security of its customer and corporate databases.

Absolutely, or if you can't, don't take the details. Maybe instead of/as well as a fine these companies should be banned from taking customer details for non-operational purposes for a year if they can't keep them secure.

[peterb]

they should be wrapped on the knuckles.

In the original pizza delivery box?

[kalniel]

In the original pizza delivery box?

*groan*

That's a cheesy hit on a poor typo. Your standards are dipping.

[TheAnimus]

Probably the juiciest thing you would find in any chain pizza place! Why would you want to register an account for a take away pizza?

That aside, I suppose it is (yet another) wake up call to any business to ensure the security of its customer and corporate databases.

Because they don't want you having to enter your address each time to order.

Security around you and your payment details harms their sales.

Hence Amazon having One Click ordering etc.

[virtuo]

Compromised is compromised, who's to say the details haven't been leaked already, haven't been accessed by someone before, and won't be leaked even if the ransom is paid?

Dominos should take the PR hit. Grovel to their customers, invest the 30 grand (and then some) in to beefing up their systems and learn a valuable lesson. If the ransom is paid, what message does that send out to wannabe's after a quick easy buck?

[CAT-THE-FIFTH]

In other news Pizza Hut executives do a victory jig.

[peterb]

*groan*

That's a cheesy hit on a poor typo. Your standards are dipping.

Or a cheesy topping! (anyway - you did the same to me in another thread - I'm forever putting up typos though)

Because they don't want you having to enter your address each time to order.

Security around you and your payment details harms their sales.

Hence Amazon having One Click ordering etc.

Yes, although with auto fill available on browsers filling in those details is less important. A lot of it is harvesting e mail addresses for direct marketing.

There is no direct evidence that the data was added online by the customer though - it could have been entered as part of a phone ordering service.

[YazX]

thats a very serious issue, publishing how customers like their pizza and favorite toppings are AT RISK!!!

what a group of idiots!

[Brewster0101]

In the words of the great Homer Simpson - 'dough'

[OilSheikh]

Is Pizza Hut paying the ransom ?

[DDY]

I wouldn't have to hand over my name and address if I had a local Dominos drive thru