Domino's India has disclosed a data breach after a threat actor hacked their systems and sold their stolen data on a hacking forum.
In April 2021, a threat actor created a new topic on a hacking forum where they claimed to be selling 13 TB of stolen data, including details for 18 crores (180 million) orders and 1 million credit cards, from Domino's India.
To know if your information is in the database, you first need to download the Tor Browser. Once you do that, click the link here. As of the time of this writing, the link works but the search engine is a little slow since it has to sift through nearly 13TB of data.
The link does appear to crash from time to time as well, if that happens just try after some time.
You can search for your phone number or email address to check the orders you’ve placed. The dreaded part is that the data contains information about your order location, apart from your phone number and email ID. This makes it easy for scammers or spammers to locate your home and office address.
Today, Security researcher Rajshekhar Rajaharia, who has been following this breach, tweeted that Domino's India has finally begun disclosing the data breach - over a month after it was first reported.
In a short email to customers, Jubilant Networks, the master franchise owner for Domino's Pizza in India, disclosed that they were hacked on March 24th, 2021.
However, they state that the threat actor's claims to have stolen 1 million credit cards are false as they do not store any financial details of users on their site.
When combined, hackers can use this information to perform further attacks, such as phishing scams and SMS messaging scams, to steal further sensitive data from those exposed in this breach.
As of the time of this writing, we have managed to get it working once but the search took a lot of time, so be patient. This is likely due to the high volume of people searching a very heavy database.