Last updated: August 20, 2014 at 10:24 am

Domino India’s Website attacked, 37k accounts revealed!

India’s cyber security scene is in the spotlight yet again, with news emerging that the Indian website of leading pizza retailer Domino’s has been hacked and information from about 37,000 accounts made public.

The information includes names, contact numbers, email addresses, residential addresses and passwords in plain text.


According to Business Standard, the attack was carried out using the popular SQL injection method and remote file inclusion.

Both methods are among the most basic ones used by hackers, with the aid of software tools.

SQL injection attacks take advantage of the lack of filtering of user-input text, allowing attackers to trick the website’s database into revealing information through SQL commands supplied from input areas. Remote file inclusion is a type of attack that allows hackers to upload malicious scripts to be executed at the web server; again, improper input field validation makes a site vulnerable.

This attack is a dream come true for identity thieves, and exposes the lack of protection employed by yet another popular website. It wasn’t very long ago that LinkedIn users’ passwords were exposed in plain text, underscoring the need for better protection to be implemented.

Passwords should be both hashed and salted. Salting is the process of adding random characters to a password before it is garbled, via hashing, into a fixed-length, meaningless text that is stored in the server’s database. Passwords that are salted and then hashed are harder to guess with the tools that can crack passwords that are only hashed.

Adequate server-side password protection methods do not incur much overhead, but Domino’s has missed out on that, and has to settle for the after-effects of a costly error.

In the recent past, there has been a spate of cyber attacks on Indian sites, including an attack on the very agency tasked with responding to cyber security threats in India, CERT-In.

Staying Safe Online

While websites take their time to implement basic security measures at their end, it is important for us as end users to stay safe.

Well-known Indian tech blogger Amit Agarwal has an excellent article on keeping online accounts safe and secure. Among the many tips, he recommends having separate email addresses for various services.

Sites like Facebook can have a publicly known email address associated with them, while others that require more security or no socialization can be linked to a “secret” email address. He warns not to set one email address as the recovery email for the other, to prevent a hacker from taking over both email addresses if one of them has been compromised. He also recommends using a virtual credit card (VCC) for payment at sites that are not very well-known or may have questionable security.

Leaks such as the one affecting Domino’s can be dangerous for users who have the habit of using the same password across several services to aid their convenience, and such a practice should be a strict no-no. Furthermore, it is a good idea to insist on the cash-on-delivery or netbanking options when ordering online.


1 Comment


  • Hi, your write-up is a good lead to take preventive steps to keep out hackers. As I am having a website, I thank you specially. Your tips are welcome.
