Dark Reading is part of the Informa Tech Division of Informa PLC

6/19/2014
11:50 AM
Sara Peters

Hackers Renege On Threat To Publish Domino's Customer Data

Although Domino's Pizza refused to pay a ransom, the hacking group Rex Mundi has yet to follow through on threats to release stolen customer data.

Last week, hacking group Rex Mundi announced that it had stolen the customer records of 650,000 French and Belgian pizza fans, and would publish those records unless Domino's paid a ransom of €30,000 by Monday at 8:00 p.m. CST. Domino's refused. Yet it's now three days since the deadline to pay up passed, and Rex Mundi has still not followed through on its promise to publish the data it stole.

The data in question was slurped from the pizza chain's Belgian and French websites, where it was secured with a wee MD5 hash.

Rex Mundi claimed:

We downloaded over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones. That's over six hundred thousand records, which include the customers' full names, addresses, phone numbers, email addresses, passwords and delivery instructions. (Oh, and their favorite pizza topping as well, because why not).

Domino's acknowledged, via Twitter, that they'd received the ransom request. The company has said it will not concede to the hackers' demands, and pointed out that the breached records do not contain financial information.

Rex Mundi did release six customer records (sans pizza topping preferences) as proof that they had the information. So far that's all they've revealed.

This is not the first time that Rex Mundi has demanded ransoms for stolen data, nor is it the first time that they've had their demands ignored. In April they did release the names of 12,000 customers of Belgian hosting firm Alfa Hosting, after the firm initially declined to pay up. Rex Mundi never disclosed the rest of the sensitive data they claimed to have -- either because Alfa had a change of heart and paid up or perhaps because Rex Mundi never had the info they claimed to have. In June 2012, they did follow through on threats, revealing thousands of records about bank loan applicants, including truncated Social Security numbers, when AmeriCash Advance refused to pay a $15,000 ransom.

Ransom requests have become a growing category of cybercrime, largely because of the popularity of CryptoLocker. No ransomware was used in this attack.

In its original announcement, the group pointed out that both of the hacked websites were "still up and vulnerable." The sites remain up for now. Domino's has advised customers to change their passwords.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...

Comments
Bprince,
User Rank: Ninja
6/23/2014 | 12:11:12 AM
Re: Forensics Data
That's an interesting idea Christian. It is possible a clue was left that investigators will turn up. Kudos to them for not paying the ransom though.

BP
RyanSepe,
User Rank: Ninja
6/20/2014 | 5:30:52 PM
Upsetting
This is upsetting because I love Domino's and order from there a lot.

But on a serious note: I know Domino's went on record stating that in the breach was no procurement of financial data, but besides toppings does anyone know the exact data sets breached and were they confirmed? Thanks,
Randy Naramore,
User Rank: Ninja
6/20/2014 | 3:52:06 PM
Re: Forensics Data
Free pizza and beer will open up a world of knowledge.
Marilyn Cohodas,
User Rank: Strategist
6/20/2014 | 1:12:43 PM
Re: Forensics Data
Curious that they decided not to disclose customers' pizza topping preferences. Perhaps they're to use that info in a social engineering scam.
Randy Naramore,
User Rank: Ninja
6/19/2014 | 4:10:26 PM
Re: Forensics Data
Hackers are not normally known for their high morals or ethics. I hope most of us are not surprised.
RetiredUser,
User Rank: Ninja
6/19/2014 | 3:07:58 PM
Forensics Data
Knowing the diet of hackers, perhaps the restraint was more about realizing Rex Mundi's own information was included in the breached records!

But on a serious note, based upon past situations, it's likely more a matter of self-preservation than a change of heart, whatever the source of the restraint. While bluffing is certainly a tool in the arsenal, forensics analysts may want to review the case more closely for a potential slip-up on Rex Mundi's part the group is trying to cover up by not following through...