Domino’s India’s official website — dominos.co.in was hacked by Turkish hackers that call themselves, Turkish Ajan Hacker Group, according to a report by cybernewsinfo. The hackers have reportedly leaked 37,000 login details of Dominos India customers including their usernames, plain text passwords, email addresses, telephone numbers, state name and IDs. Note that MediaNama is unable to verify this, independently, and there’s been no communication by Dominos India on the said leak.
Apart from customer details, the leak also contains details from the Dominos India website which might allow administrator access to other domains on the site.
The hacker first posted about the hack on Turkish forum — Turkishajan.com where they posted that they have uploaded all the account details on Pastebin.com. However, at the time of writing this post, the data uploaded seems to have been pulled down. Domino’s Pizza, Inc., an international pizza delivery corporation headquartered in Michigan, United States, runs its Indian operation through its master franchise, Jubilant FoodWorks.
According to a report by Business Standard, the Turkish hacker used SQL injection method and remote file inclusion for stealing the private data. These days the risk of SQL injection is on rise due to the advent of automated tools. Previously, hackers had to inject SQL codes manually to hack into databases.
In September 2012, two members of the hacker group ‘Indishell’ and its offshoots were arrested on charges of hacking an online mobile recharge portal, by Gautam Budh Nagar (Noida) cyber crime cell. The hackers had obtained admin rights to the portal, after hacking into the portal’s servers and were able to bypass the payment gateway page. Therefore, whenever users placed a recharge order for their prepaid mobile phones, DTH cards or data cards, these hackers would send the top up amount to the respective users, without generating any bill.
In May 2012, after accusing Reliance (Communications) of going beyond the mandate given to it by courts and the government and blocking sites without authorization, hacker group Anonymous Operation India(AnonOps India), had hacked into Reliance servers and are redirecting users who’re trying to access websites including Twitter, to a page on which they ask the Indian Government to re-enable the group’s suspended Twitter ID, giving it a 24 hour deadline, in addition to addressing the Indian people, opposition and the media. The same group had defaced the official websites of Andhra Pradesh Power Generation Corporation Limited, All Indian Trinamool Congress (AITMC) and several websites related to the Mizoram government including the Mizoram Police website, Social Welfare website, Agriculture (Research & Education) Ministry, Mizoram Food And Allied Industries Corporation and many more. It had also taken down the Indian Supreme Court’s website and the official website of the All India Congress Committee, in its response to Internet censorship in India.
In May 2011, reports had suggested that CCAvenue was compromised by a hacker who goes by the name d3hydr8 through a Hidden SQL injection, and all the admin passwords at CCAvenue were leaked to the public. In conversation with Medianama, CCAvenue CEO Vishwas Patel had however denied that their site was hacked and it was a mischevious slander against their name. He had claimed that the database screenshot put up, was not of their current database, which is on the live server and the usernames & passwords published were not the ones stored in their database.
Microsoft India’s online store was hacked by a Chinese group identified as Evil Shadow and the user credentials were exposed to the public, since it stored both usernames and passwords in plain text. Later in the month, Microsoft had also admitted that financial information could have been compromised during the attack and had sent an advisory e-mail to registered users asking them to keep track of their credit card accounts for any unusual activity.