Adding to the list of online security breaches in India, a cybersecurity researcher on Sunday claimed that credit card details of nearly 10 lakh people who purchased online from Domino's Pizza India, is allegedly being sold for over Rs 4 crore on the dark web.According to Alon Gal, CTO of security firm Hudson Rock, a threat actor has claimed to have hacked Domino's India database worth 13TB. A threat actor is a person or entity responsible for an event that impacts the safety or security of another entity.
The threat actor is asking for around $550,000 (approximately Rs 4 crore) for the database and saying they have plans to build a search portal to enable querying the data, Gal claimed. "Information includes 180,000,000 order details containing names, phone numbers, emails, addresses, payment details and a whopping 1,000,000 credit cards," Gal claimed in a tweet.
"Plenty of large scale Indian breaches lately, this is worrying," he added.
Domino's India was yet to react to Gal's tweet.
Independent cybersecurity researcher Rajshekhar Rajaharia told IANS that he had alerted the CERT-in (India's national cyber defence agency) about this possible hack on March 5. "I had alerted CERT-in about a possible Domino's Pizza India hack where the threat actor got data access with details from about 200 million orders and personal data of the users too. The hacker, however, did not provide any sample," Rajaharia said.
There have been a string of hacking incidents involving Indian firms in the recent past, including BigBasket, BuyUcoin, JusPay, Upstox and others.
Gal, earlier this month, claimed that personal data of nearly 533 million (53.3 crore) Facebook users, including 61 lakh Indians, were leaked online after a hacker posted the details on a digital forum.
The leaked data included Facebook ID numbers, profile names, email addresses, location information, gender details, job data, and other details. Facebook said the data was old.