11/20/2014

Update 2: releak by Rex Mundi (pizzadomino.fr)

Rex Mundi said he was looking at some new targets yesterday, so we published an alert for the financial, HRM, ISP sectors.

Today he is publishing a file claiming to come from pizzadomino.be/fr. NO, they retract: it is their old file.

They say that they have also hacked the NL database - maybe the database with France or Domino Pizza is in the backoffice one big mess, but so what ....

I need confirmation or more proof to announce Belgian dominopizza.be as officially hacked and leaked.

Now pizzadomino.fr was hacked (with a file of half a million people - now disappeared again),

but there is something strange with that file - there are French addresses in it (in the total of 3000 addresses) amongst Belgian addresses and the biggest bunch that can't be localised.

The passwords are encrypted and salted, and so I don't see the big security problem in this one for the moment, except that you have some mobile numbers and some email addresses together, which make a fine combination for a combined attack.

It also shows why big data is a big risk and why you should never keep data that is old.

tweets 

@mailforlen Just 2 b clear, this data is from our old hack. On the same server, Domino's had 3 DBs: FR, Be-FR and Be-NL

@mailforlen Yes, as we said, this one is from the French-speaking version of the Belgian website of Domino's. We also have NL version.

Comments

I downloaded this DB this afternoon and analyzed it. It is indeed the Domino's DB. Searching through it, I came across some acquaintances and asked them whether they had ever placed an order on the website, and they answered that they had. As for password security, it is a "simple" MD5, very easily decipherable with JtR.

Posted by: EddLermuf | 11/21/2014
