Domino’s India has disclosed a data breach after a threat actor posted on a criminal forum in April that they were selling a database allegedly stolen from Domino’s. The databases were said to include information from 180 million orders and one million credit cards. This month the same threat actor that was selling the data put it up on a Tor Darkweb search engine for people to search if their data was exposed. Domino’s India disclosed the data breach in an email to their customers over a month later. Domino’s stated in their email that the threat actor’s claim of having access to one million credit cards from their database is false because they do not store any financial data.
Bleeping Computer confirmed through users of Domino’s India that the Tor search engine did produce accurate information. It is important to note that the search engine is run by a threat actor and any data entered into it could be used for more cyber-attacks in the future, pairing the provided information with known information for phishing and SMS phishing attacks. Anyone who has ever ordered from Domino’s India should make sure they change their account information and though they stated credit cards are not stored, users should still monitor their credit cards for fraudulent charges.