BreachExchange mailing list archives
fringe: New Zealand-based Hell Pizza's database gets walked...
From: security curmudgeon <jericho () attrition org>
Date: Thu, 22 Jul 2010 04:35:03 -0500 (CDT)
http://risky.biz/hell EXCLUSIVE: I know what you ate last summer New Zealand-based Hell Pizza's database gets walked... By Patrick Gray July 22, 2010 -- The online customer database of a New Zealand-headquartered pizza store chain has been compromised. Risky.Biz understands multiple intruders have compromised Hell Pizza's 400mb database. While it does not contain any credit card information, it does contain in excess of 230,000 rows of customer entries. The company operates 64 stores in New Zealand, three in England, nine in Australia and one in Ireland. The database entries include the full names, addresses, phone numbers, e-mail addresses, passwords and order history for the company's customers. The information is "doing the rounds" among legitimate penetration testers across New Zealand who are using it to assist their brute force password cracking attempts. The same penetration testers contacted the company last year, posing as "concerned customers", but received no acknowledgement of the data breach. They fear the database may have already found its way into the wrong hands. When contacted by Risky.Biz, Hell Pizza co-owner Stuart McMullin said he was unaware of the data breach. He offered no comment when a list of questions was e-mailed to him, beyond acknowledging the contact from "concerned customers" in 2009. "I have spoken to my IT staff and they are not aware that our site was hacked or any records lost," McMullin wrote in an e-mail to Risky.Biz. "There were a couple of 'customers' that thought it was the case last year who emailed us - perhaps these are the sources you are referring to - but not to our knowledge." [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- fringe: New Zealand-based Hell Pizza's database gets walked... security curmudgeon (Jul 24)