Domino's data breach information posted to online portal: Report
A security researcher has shared details of a portal where customer information including as their Name, Email, Mobile, GPS Location for 180 million orders was accessible via a “search engine”.
Over the course of 2021, multiple reports of data breaches at Indian companies have emerged, affecting Last month, popular pizza delivery chain Dominoes reportedly suffered from a data breach, which was reported by Gadgets360. A researcher has now shared the existence of a data dump of user data that is reportedly accessible via a web portal.
Cybersecurity researcher Rajshekhar Rajaharia shared the portal that has been made available on the dark web, which is currently accessible to users to check whether their data has been affected in the data breach. Rajaharia tweeted that information such as their Name, Email, Mobile, GPS Location for 180 million orders was accessible via a “search engine”.
“The worst part of this alleged breach is that people are using this data to spy on people. Anybody can easily search any mobile number and can check a person's past locations with date and time. This seems like a real threat to our privacy,” Rajaharia tweeted.
The worst part of this alleged breach is that people are using this data to spy on people. Anybody can easily search any mobile number and can check a person's past locations with date and time. This seems like a real threat to our privacy. #InfoSec #GDPR #DataLeak pic.twitter.com/5G494xJSCf— Rajshekhar Rajaharia (@rajaharia) May 22, 2021
When the breach was first reported, Jubilant FoodWorks (which owns the company) had stated to Gadget360 that they had experienced an information security incident, but no financial information was accessed and there was no operational or business impact due to the incident.
The Next Web reports that it was able to contact users affected by the breach who checked their data on the dark web. In addition to your phone number or email address, the data breach reportedly contained the address you entered when you had your previous orders delivered via the service.
However, in order to prevent misuse, the .onion link that can be accessed via the Tor browser has been redacted by Rajaharia, so there is no way to check if your data is affected by the breach. However, the website also does not seem to contain any way to request deletion of a user's data from the database.