When hackers break into corporate databases to steal customer information, their usual motivation is to use the stolen data to commit acts of identity theft with the customers' compromised identities.
But the European hackers who have allegedly broken into Domino's Pizza databases in Europe have a different motivation: holding the stolen information for “ransom.” Unless Domino's pays them 30,000 Euros (about $40,000), the hackers say they'll release all of the customer information they stole, everything from names and addresses to password and favorite toppings.
The alleged hacker group, called Rex Mundi, annouunced its alleged theft in a post to dpaste.de:
Dear friends and foes,
Earlier this week, we hacked our way into the servers of Domino's Pizza France and Belgium, who happen to share the same vulnerable database. And boy, did we find some juicy stuff in there! We downloaded over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones. That's over six hundred thousand records, which include the customers' full names, addresses, phone numbers, email addresses, passwords and delivery instructions. (Oh, and their favorite pizza topping as well, because why not).
We immediately sent various emails to both Domino's Pizza France and Belgium. We also used the contact forms on their websites to let them know of this vulnerability and to offer them not to release this data in exchange for 30,000 Euros.
So far, Domino's Pizza has not replied to our demands. We would also like to point out that both of their websites are still up and vulnerable.
Domino's Pizza has until Monday at 8PM CET to pay us. If they do not do so, we will post the entirety of the data in our possession on the Internet.
The letter went on to list some “sample data” from the French and Belgian Domino's websites, including the names, addresses, contact information and passwords of three people from each.
Rex Mundi also posted on Twitter: "Reminder to all @dominos_pizzafr customers: if the company doesn't start paying us, we will release your data tonight."
But a Dutch newspaper quoted Domino's executive Andre ten Wolde as saying that the ransom demand would not be paid. Ten Wolde also stressed that no credit card data had been compromised.