BreachExchange mailing list archives

fringe: New Zealand-based Hell Pizza's database gets walked...


From: security curmudgeon <jericho () attrition org>
Date: Thu, 22 Jul 2010 04:35:03 -0500 (CDT)


http://risky.biz/hell

EXCLUSIVE: I know what you ate last summer
New Zealand-based Hell Pizza's database gets walked...
By Patrick Gray

July 22, 2010 --

The online customer database of a New Zealand-headquartered pizza store 
chain has been compromised.

Risky.Biz understands multiple intruders have compromised Hell Pizza's 
400mb database. While it does not contain any credit card information, it 
does contain in excess of 230,000 rows of customer entries.

The company operates 64 stores in New Zealand, three in England, nine in 
Australia and one in Ireland.

The database entries include the full names, addresses, phone numbers, 
e-mail addresses, passwords and order history for the company's customers. 
The information is "doing the rounds" among legitimate penetration testers 
across New Zealand who are using it to assist their brute force password 
cracking attempts.

The same penetration testers contacted the company last year, posing as 
"concerned customers", but received no acknowledgement of the data breach. 
They fear the database may have already found its way into the wrong 
hands.

When contacted by Risky.Biz, Hell Pizza co-owner Stuart McMullin said he 
was unaware of the data breach. He offered no comment when a list of 
questions was e-mailed to him, beyond acknowledging the contact from 
"concerned customers" in 2009.

"I have spoken to my IT staff and they are not aware that our site was 
hacked or any records lost," McMullin wrote in an e-mail to Risky.Biz. 
"There were a couple of 'customers' that thought it was the case last year 
who emailed us - perhaps these are the sources you are referring to - but 
not to our knowledge."

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
