Attacks/Breaches
6/19/2014
11:50 AM
Sara Peters
Sara Peters
Quick Hits
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Hackers Renege On Threat To Publish Domino's Customer Data

Although Domino's Pizza refused to pay a ransom, the hacking group Rex Mundi has yet to follow through on threats to release stolen customer data.

Last week, hacking group Rex Mundi announced that it had stolen the customer records of 650,000 French and Belgian pizza fans, and would publish those records unless Domino's paid a ransom of €30,000 by Monday at 8:00 p.m. CST. Domino's refused. Yet it's now three days since the deadline to pay up passed, and Rex Mundi has still not followed through on its promise to publish the data it stole.

The data in question was slurped from the pizza chain's Belgian and French websites, where it was secured with a wee MD5 hash.

Rex Mundi claimed:

We downloaded over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones. That's over six hundred thousand records, which include the customers' full names, addresses, phone numbers, email addresses, passwords and delivery instructions. (Oh, and their favorite pizza topping as well, because why not).

Domino's acknowledged, via Twitter, that they'd received the ransom request. The company has said it will not concede to the hackers' demands, and pointed out that the breached records do not contain financial information.

Rex Mundi did release six customer records (sans pizza topping preferences) as proof that they had the information. So far that's all they've revealed.

This is not the first time that Rex Mundi has demanded ransoms for stolen data, nor is it the first time that they've had their demands ignored. In April they did release the names of 12,000 customers of Belgian hosting firm Alfa Hosting, after the firm initially declined to pay up. Rex Mundi never disclosed the rest of the sensitive data they claimed to have -- either because Alfa had a change of heart and paid up or perhaps because Rex Mundi never had the info they claimed to have. In June 2012, they did follow through on threats, revealing thousands of records about bank loan applicants, including truncated Social Security numbers, when AmeriCash Advance refused to pay a $15,000 ransom.

Ransom requests have become a growing category of cybercrime, largely because of the popularity of CryptoLocker. No ransomware was used in this attack.

In its original announcement, the group pointed out that both of the hacked websites were "still up and vulnerable." The sites remain up for now. Domino's has advised customers to change their passwords.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
6/23/2014 | 12:11:12 AM
Re: Forensics Data
That's an interesting idea Christian. It is possible a clue was left that investigators will turn up. Kudos to them for not paying the ransom though.

BP
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
6/20/2014 | 5:30:52 PM
Upsetting
This is upsetting because I love dominos and order from there a lot.

But on a serious note: I know Dominos went on record stating that in the breach ws no procurement of financial data, but besides toppings does anyone know the exact data sets breached and were they confirmed? Thanks,
Randy Naramore
50%
50%
Randy Naramore,
User Rank: Ninja
6/20/2014 | 3:52:06 PM
Re: Forensics Data
Free pizza and beer will open up a world of knowledge.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
6/20/2014 | 1:12:43 PM
Re: Forensics Data
Curious that they decided not to disclose customers pizza topping preferences. Perhaps they're to use that infor in a social engineering scam.
Randy Naramore
100%
0%
Randy Naramore,
User Rank: Ninja
6/19/2014 | 4:10:26 PM
Re: Forensics Data
Hackers are not normally known for their high morals or ethics. I hope most of us are not surprised.
Christian Bryant
50%
50%
Christian Bryant,
User Rank: Ninja
6/19/2014 | 3:07:58 PM
Forensics Data
Knowing the diet of hackers, perhaps the restraint was more about realizing Rex Mundi's own information was included in the breached records!

But on a serious note, based upon past situations, it's likely more a matter of self-preservation than a change of heart, whatever the source of the restraint. While bluffing is certainly a tool in the arsenal, forensics analysts may want to review the case more closely for a potential slip-up on Rex Mundi's part the group is trying to cover-up by not following through...
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2006-1318
Published: 2014-09-19
Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability."

CVE-2012-2588
Published: 2014-09-19
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message.

CVE-2012-6659
Published: 2014-09-19
Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-1391
Published: 2014-09-19
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.

CVE-2014-3614
Published: 2014-09-19
Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets.

Best of the Web
Dark Reading Radio