Apparently, hackers have gained access to 600,000 Domino’s Pizza customer details, including their favourite toppings. ESET Ireland advises users to change their pizza toppings selection to stay safe.
I am otherwise a rational and sensible cybersecurity analyst, but I draw the line when someone messes with my food. And the hackers behind this latest attack did just that. In a bid to extort money from Domino’s Pizza, they threatened to publically post detailed info of 600,000 customers, including their favourite pizza toppings unless they’re paid a ransom of €30,000. The hackers aimed at possible lawsuits against the pizza company for breach of privacy, but a representative of Domino’s said the ransom will not be paid and that the customers’ financial data and credit cards were not compromised in the attack.
The servers attacked mainly contained customer info from France and Belgium so Irish users shouldn’t be affected, but just to be sure, ESET Ireland recommends you change your toppings selection, so it doesn’t coincide with the one the hackers may have, so you will not be offered a fake pizza by them. Ok, we’re joking here. But only a bit. Because in the age of targeted attacks, so called spear-phishing, it is not uncommon practice among cybercriminals to gather as much data on anyone they can, including such details as food preference, then prepare a targeted scam which uses bits of this data to convince the victim it’s legit. Imagine an average Joe receiving an email from someone pretending to be Domino’s and saying “Hi Joe, you ordered extra anchovies in your last three orders with us and we want to give you a prize for being a regular customer. Click here and fill in the form to claim your prize.” Even though the sender and email would be fake, the victim would recognise they did in fact order extra anchovies and would consider the offer real and would likely click on the link. This could in turn infect their computer with malware, demand they enter their banking details to receive the prize, or any other wicked thing cybercriminals do.
Apart from changing your toppings, at least for a while, ESET Ireland therefore seriously advises you are careful with the personal data you share with companies and services you deal with. Know that, as in the case of this hack, if the data falls into the wrong hands, it can be used against you. Only disclose the minimum of necessary info and if you receive any suspicious email, claiming reference to some real info about you, double check if it is legitimate, before you do anything it’s asking you to do. When unsure, just ring the company in question and check.
by Urban Schrott, ESET Ireland