Unauthorised access gained to companies Amazon Web Services buckets claiming to have exfiltrated 30 million customer order records
Company Statement: None
Source: Pizza Hut Australia leaks one million customers’ details, claims ShinyHunters hacking group | Bitdefender
View more incidents from Retail sector and incidents relating to AWS Amazon Web Services
In 2012, Pizza Hut Australia had its website hacked, with the personal information of 240,000 customers compromised, according to ZDNet. Read more at: https://www.zdnet.com/article/pizza-hut-hacked-customer-info-lost-credit-card-details-safe/
The ShinyHunters hacking group has claimed that in the last couple of months it has stolen more than 30 million customer order records from Pizza Hut Australia, alongside information on more than one million customers.
According to “Shiny” (@shinycorp), the group gained access 1-2 months ago via Amazon Web Services (AWS) using multiple entry points. They claim to have exfiltrated more than 30 million records with customers’ orders as well as information on more than 1 million customers. exfiltrating records including:
- store ID
- customers’ first and last name
- customers’ email addresses
- customers’ postal addresses
- customers’ phone numbers
- customers’ encrypted credit card data
- customers’ hashed passwords
Shiny states that they are demanding $300,000.00 to delete all the data. ShinyHunters has a reputation for selling or leaking data when their victims don’t pay their extortion demands, and so far, Pizza Hut hasn’t responded to them at all.
Related
