Breaking: Domino’s Hacked in 2017 & Late 2016, Criminal Claims

Posted on October 31, 2017Categories cyber security, information securityTags , , , , , , ,

Dominos pizza logo
Dominos has been hacked, but this is not surprising since we spoke to a criminal who claimed publicly and privately reiterated his claims that he had hacked into Domino’s Venezuala website dominos.com.ve allegedly using a SQL injection, which he publicly announced. We were unable to independently prove the claims by said criminal, since they wouldn’t share where the exploit was that they allegedly used.

Why did the criminal allegedly hack dominos? We do not want to mention the bizarre and insane conspiracy he or she was chasing, but let’s just say this criminal who hacked Domino’s was chasing something that didn’t exist that other news outlets  publicly named over and over in the 2016 U.S election. We have no idea how domino’s fit into their conspiracy theory, except that they sell pizza and the conspiracy theory was partially pizza based.

So, why are we just now writing about a Domino’s hack against Venezulua  that allegedly took place in late 2016? Because Domino’s who we contacted at the time said something to the effect that they would handle it, but now a Domino’s hack against  Australians is  showing a pattern in their security that is too familiar and we believe is unhealthy for their customers.

The 2017 Domino’s hack in Australia is interesting, since Domino’s is saying a third party is at fault due to a rating system that a third party used to manage that leaked customer personal details. This is interesting, because criminals want in your site and they are going to look for the weakest link to get into your site and unfortunately third parties are the most vulnerable when it comes to code.

A company like Domino’s can have a strict security code, but if it doesn’t ensure that their security model is also being used by their third parties and auditing their code, then they enter a security weakness into their threat model. This is a weakness that we take seriously and audit all third party code.

We may be publishing more of what occured in the 2016 domino hack, as this is now relevant information, so please check back as this is a developing news event.