11:50 AM
Sara Peters

Hackers Renege On Threat To Publish Domino's Customer Data

Although Domino's Pizza refused to pay a ransom, the hacking group Rex Mundi has yet to follow through on threats to release stolen customer data.

Last week, hacking group Rex Mundi announced that it had stolen the customer records of 650,000 French and Belgian pizza fans, and would publish those records unless Domino's paid a ransom of €30,000 by Monday at 8:00 p.m. CST. Domino's refused. Yet it's now three days since the deadline to pay up passed, and Rex Mundi has still not followed through on its promise to publish the data it stole.

The data in question was slurped from the pizza chain's Belgian and French websites, where it was secured with a wee MD5 hash.

Rex Mundi claimed:

We downloaded over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones. That's over six hundred thousand records, which include the customers' full names, addresses, phone numbers, email addresses, passwords and delivery instructions. (Oh, and their favorite pizza topping as well, because why not).

Domino's acknowledged, via Twitter, that they'd received the ransom request. The company has said it will not concede to the hackers' demands, and pointed out that the breached records do not contain financial information.

Rex Mundi did release six customer records (sans pizza topping preferences) as proof that they had the information. So far that's all they've revealed.

This is not the first time that Rex Mundi has demanded ransoms for stolen data, nor is it the first time that they've had their demands ignored. In April they did release the names of 12,000 customers of Belgian hosting firm Alfa Hosting, after the firm initially declined to pay up. Rex Mundi never disclosed the rest of the sensitive data they claimed to have -- either because Alfa had a change of heart and paid up or perhaps because Rex Mundi never had the info they claimed to have. In June 2012, they did follow through on threats, revealing thousands of records about bank loan applicants, including truncated Social Security numbers, when AmeriCash Advance refused to pay a $15,000 ransom.

Ransom requests have become a growing category of cybercrime, largely because of the popularity of CryptoLocker. No ransomware was used in this attack.

In its original announcement, the group pointed out that both of the hacked websites were "still up and vulnerable." The sites remain up for now. Domino's has advised customers to change their passwords.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...

User Rank: Ninja
6/23/2014 | 12:11:12 AM
Re: Forensics Data
That's an interesting idea Christian. It is possible a clue was left that investigators will turn up. Kudos to them for not paying the ransom though.

User Rank: Ninja
6/20/2014 | 5:30:52 PM
This is upsetting because I love dominos and order from there a lot.

But on a serious note: I know Dominos went on record stating that in the breach was no procurement of financial data, but besides toppings does anyone know the exact data sets breached and were they confirmed? Thanks,
Randy Naramore,
User Rank: Ninja
6/20/2014 | 3:52:06 PM
Re: Forensics Data
Free pizza and beer will open up a world of knowledge.
Marilyn Cohodas,
User Rank: Strategist
6/20/2014 | 1:12:43 PM
Re: Forensics Data
Curious that they decided not to disclose customers' pizza topping preferences. Perhaps they're to use that info in a social engineering scam.
Randy Naramore,
User Rank: Ninja
6/19/2014 | 4:10:26 PM
Re: Forensics Data
Hackers are not normally known for their high morals or ethics. I hope most of us are not surprised.
Christian Bryant,
User Rank: Ninja
6/19/2014 | 3:07:58 PM
Forensics Data
Knowing the diet of hackers, perhaps the restraint was more about realizing Rex Mundi's own information was included in the breached records!

But on a serious note, based upon past situations, it's likely more a matter of self-preservation than a change of heart, whatever the source of the restraint. While bluffing is certainly a tool in the arsenal, forensics analysts may want to review the case more closely for a potential slip-up on Rex Mundi's part the group is trying to cover up by not following through...