Monday, July 26, 2010

Hackers Hack Customer Database with Passwords at New Zealand-Based Hell Pizza

Is Hell Pizza tasty? I don't know if I want to be eating pizza at any place called Hell. It may indeed be hell for some of its customers whose accounts and passwords were recently hacked.

The online customer database of a New Zealand-headquartered pizza store chain has been compromised.

Risky.Biz understands multiple intruders have compromised Hell Pizza's 400mb database. While it does not contain any credit card information, it does contain in excess of 230,000 rows of customer entries.


The company operates 64 stores in New Zealand, three in England, nine in Australia and one in Ireland.

Per Hell Pizza's Facebook page:

Dear Valued Hell Customer,

We have been approached by a party claiming to be in possession of customer details from the previous Hell website which is no longer in operation. The samples that we received included details of four customers from 2006, including phone numbers and email addresses and order information. We can confirm that credit card data was not at risk as this is held independently on a secure banking website.

Whilst we are still investigating the matter, we can confirm that the information was obtained without our knowledge and we have approached the New Zealand Police with a view to lodging a formal complaint. Hell recognises the importance of protecting customer information and additional security measures were implemented earlier this year when our new website was rolled out (again, we reiterate that this is not an issue affecting the new website). As a further security measure you may wish to consider changing your passwords on other sites if they were the same as the old Hell Pizza website.

We apologise for the incident and any inconvenience that this may have caused.

Sincerely,

Stu McMullin - Director Hell Pizza

We acknowledge that some of you have asked to be removed from the database and we have included you for the purposes of this notification.

Source: Graham Cluley's blog


No comments: