11:50 AM
Sara Peters
Sara Peters
Quick Hits
Connect Directly

Hackers Renege On Threat To Publish Domino's Customer Data

Although Domino's Pizza refused to pay a ransom, the hacking group Rex Mundi has yet to follow through on threats to release stolen customer data.

Last week, hacking group Rex Mundi announced that it had stolen the customer records of 650,000 French and Belgian pizza fans, and would publish those records unless Domino's paid a ransom of €30,000 by Monday at 8:00 p.m. CST. Domino's refused. Yet it's now three days since the deadline to pay up passed, and Rex Mundi has still not followed through on its promise to publish the data it stole.

The data in question was slurped from the pizza chain's Belgian and French websites, where it was secured with a wee MD5 hash.

Rex Mundi claimed:

We downloaded over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones. That's over six hundred thousand records, which include the customers' full names, addresses, phone numbers, email addresses, passwords and delivery instructions. (Oh, and their favorite pizza topping as well, because why not).

Domino's acknowledged, via Twitter, that they'd received the ransom request. The company has said it will not concede to the hackers' demands, and pointed out that the breached records do not contain financial information.

Rex Mundi did release six customer records (sans pizza topping preferences) as proof that they had the information. So far that's all they've revealed.

This is not the first time that Rex Mundi has demanded ransoms for stolen data, nor is it the first time that they've had their demands ignored. In April they did release the names of 12,000 customers of Belgian hosting firm Alfa Hosting, after the firm initially declined to pay up. Rex Mundi never disclosed the rest of the sensitive data they claimed to have -- either because Alfa had a change of heart and paid up or perhaps because Rex Mundi never had the info they claimed to have. In June 2012, they did follow through on threats, revealing thousands of records about bank loan applicants, including truncated Social Security numbers, when AmeriCash Advance refused to pay a $15,000 ransom.

Ransom requests have become a growing category of cybercrime, largely because of the popularity of CryptoLocker. No ransomware was used in this attack.

In its original announcement, the group pointed out that both of the hacked websites were "still up and vulnerable." The sites remain up for now. Domino's has advised customers to change their passwords.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
6/23/2014 | 12:11:12 AM
Re: Forensics Data
That's an interesting idea Christian. It is possible a clue was left that investigators will turn up. Kudos to them for not paying the ransom though.

User Rank: Ninja
6/20/2014 | 5:30:52 PM
This is upsetting because I love dominos and order from there a lot.

But on a serious note: I know Dominos went on record stating that in the breach ws no procurement of financial data, but besides toppings does anyone know the exact data sets breached and were they confirmed? Thanks,
Randy Naramore
Randy Naramore,
User Rank: Ninja
6/20/2014 | 3:52:06 PM
Re: Forensics Data
Free pizza and beer will open up a world of knowledge.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
6/20/2014 | 1:12:43 PM
Re: Forensics Data
Curious that they decided not to disclose customers pizza topping preferences. Perhaps they're to use that infor in a social engineering scam.
Randy Naramore
Randy Naramore,
User Rank: Ninja
6/19/2014 | 4:10:26 PM
Re: Forensics Data
Hackers are not normally known for their high morals or ethics. I hope most of us are not surprised.
Christian Bryant
Christian Bryant,
User Rank: Ninja
6/19/2014 | 3:07:58 PM
Forensics Data
Knowing the diet of hackers, perhaps the restraint was more about realizing Rex Mundi's own information was included in the breached records!

But on a serious note, based upon past situations, it's likely more a matter of self-preservation than a change of heart, whatever the source of the restraint. While bluffing is certainly a tool in the arsenal, forensics analysts may want to review the case more closely for a potential slip-up on Rex Mundi's part the group is trying to cover-up by not following through...
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-09
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.

Published: 2015-10-09
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.

Published: 2015-10-09
The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.

Published: 2015-10-09
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877.

Published: 2015-10-09
The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.