Dominos' India website hacked, customer info leaked

The Indian website of popular pizza retailer Domino's (www.dominos.co.in) was hacked by a Turkish Hacker group that calls itself Turkish Ajan Hacker Group. Details of about 37,000 accounts, including names, phone numbers, email addresses, passwords and city details, were leaked, and the passwords have been released in plain text.

Dominos International operates in India through its master franchise Jubilant FoodWorks. Domino's India website was hacked using the SQL injection method and remote file inclusion, one of the most common methods for stealing private data from web databases. Through this, the hacker typically tricks the site's database into revealing data that should be hidden by 'injecting' certain commands.

Govind Rammurthy, managing director and chief executive of eScan, says, "Once hacked, all the website can do is fortify its webserver and make some configuration changes that are not too costly. But it's very hard to absolutely secure a website from the numerous attack tools available."

Earlier this year, Microsoft Store India was hacked by a team of Chinese hackers who left a 'black page' tagged with the words "Unsafe system will be baptized".

Besides the defacement, the customer database was also breached and usernames and passwords stolen, as there was no protection and no encryption on the site that stored passwords

as plain text.

Independent security professional Ankit Fadia says, "Most websites, especially government sites, have little or no security protection. Second, these don't even have dedicated security professionals to manage the website and keep protect these from targeted attacks."

Hacking a website has increasingly become a handy disruption tool for hackers. Recently, a Pakistani hacking group defaced more than 450 Indian sites. Fadia says most of the recent attacks on government websites were through the distributed denial of service (DDoS) method, which overwhelms a website's servers and forces these to shut down.

"This kind of an attack is also hard to trace, since DDoS attacks are carried out by a group of hackers and it is difficult to trace their location," Fadia adds.

In a report, security solutions company Trend Micro estimated systematic attacks were carried out on at least 233 personal computers, and the victims included Indian military research organisations and shipping companies, and aerospace, energy and engineering companies in Japan.

Baburaj Varma, head (technical services), India & Southeast Asian Association for Regional Cooperation, Trend Micro, says, "At least 30 computer systems of Tibetan advocacy groups have been attacked so far. The espionage has been going on for at least 10 months. This was not the only attack that was started and stopped; it is a continuous effort by cyber criminals to attack government websites in India."