Consumer Passwords Keep Falling, Like Dominos

Companies have been asking the consumers to change their passwords more frequently due to high profile security breach or even vulnerability. Recently, Heartbleed bug, a highly sensationalized one, was affecting many sites that the consumers use on a regular basis, probably. Further, a breach at eBay compromised the database that contained the passwords as well as the personal information of around 145 million subscribers. More recently, the breach of servers at reputed Domino’s Pizza based in France and Belgium. It compromised the personal information of more than 650,000 consumers, about 592,000 in France while around 58,000 in Belgium. The information contained the phone numbers, passwords, email addresses, full names, addresses as well as delivery instructions along with their favourite pizza toppings. The thing that made headlines this case of breach of Domino’s Pizza was the ransom that was demanded by the hacker group that took credit for this. The hacker group identified itself as Rex Mundi, which means, King of the World in Latin language, demanded a heavy ransom of 30,000 Euros. They promised not to make the information public in exchange of the ransom. It is a new twist on the rising trend of holding data in exchange for ransom. Earlier to this, the data was implemented through encryption of the data and the group demanded payment to receive it in return. Domino’s refused for paying ransom to the group. However, the post incident communication by the company is worth pondering over. For a consumer, it is not that difficult to change the password. However, it is about the identity theft problem that the company like Domino’s dumped on the plate of the consumers. The France location of the company just gave a single tweet, which was in four parts, based on the standard limitations of character allowed on Twitter. The tweet was in French language, which when translated in English, means that Domino’s Pizza used an encryption system for trading data. However, the hackers that the company suffered were seasoned professionals and it is probable that they could have decoded the encryption system that even include the passwords of the customers. Hence, the company recommended the customers to change their password for the purpose of security. The company regretted the situation strongly and took the illegitimate access quite seriously. The company acknowledged the incident. However, they took little responsibility for what had happened. They did not provide any real explanation of what had happened. If they use an encryption system, then how come seasoned professionals could have decoded it? Was the encryption used weak? Or did they mismanage and expose the encryption keys or hash the passwords but did not salt them. Or did they protect just the passwords of the consumers but not their complete information. The company did not acknowledge the effects, except for recommendation that the consumers change their passwords. Domino’s remained silent on the bigger issue of the fraudulent activity based on the identities of the consumers. They just regretted the situation and took it seriously.