Hackers who claim to have accessed servers belonging to the Dominos pizza franchise in France and Belgium are demanding a ransom payment to prevent the exposure of nearly 650,000 customer records.
The hackers are demanding payment of €30,000 (about $40,000 USD) and threaten otherwise to release details including customer names, phone numbers, email and physical addresses, and account login details. They broadcast their demands in a series of Twitter posts.
It is estimated that about 592,000 records were compromised in France and 58,000 in Belgium, a sample of which was posted to a publicly accessible web page that has since been removed. Dominos maintains that no financial or payment data has been exposed, but it has drawn criticism over reports that the data was hashed with MD5 without a salt, which left it weakly protected and susceptible to cracking.
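As an added illustration (not code from Dominos or from the original article), the sketch below shows why unsalted MD5 draws this criticism: identical passwords yield identical stored hashes, so a leaked table exposes password reuse and fast digests can be tested in bulk, whereas a per-user salt with a slow key derivation function removes both properties. The account names, passwords and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not data from the breach).
SAMPLE = {"alice": "margherita1", "bob": "margherita1", "carol": "Qu4ttro-Formaggi!"}
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware

def md5_unsalted(password):
    """Scheme reported in the article: a bare MD5 digest with no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def salted_hash(password, salt=None):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key

def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], expected)

def users_sharing_a_value(stored):
    """Group users whose stored value is identical; each group shares a password."""
    groups = defaultdict(list)
    for user, value in stored.items():
        groups[value].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def compare_schemes(accounts=SAMPLE):
    """Return the groups of users with identical stored values under each scheme."""
    weak = {u: md5_unsalted(p) for u, p in accounts.items()}
    strong = {u: salted_hash(p) for u, p in accounts.items()}
    return users_sharing_a_value(weak), users_sharing_a_value(strong)

if __name__ == "__main__":
    weak_groups, strong_groups = compare_schemes()
    print("unsalted MD5, users with identical stored hash:", weak_groups)
    print("salted PBKDF2, users with identical stored hash:", strong_groups)
```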
“Although it is not certain exactly what records have been affected, it is staggering that the personal details of so many customers were seemingly left unencrypted and susceptible to this kind of attack – especially when you consider the warning shots that have been issued with previous high profile attacks,” wrote Steve Smith, MD of Pentura.
“If claims are accurate and indeed 600,000 customer records have been compromised that is a large amount of data that should have been better protected. The possibility that a large organization could even consider leaving data as plain text on a server is surprising to say the least.”