Details of about 37,000 accounts including names, contacts, passwords and other information of Domino's customers were leaked online after the official Indian website of the popular pizza retailer was hacked by a Turkish team that calls itself Ajan Hacker Group.
According to reports, hackers used the SQL injection method and remote file inclusion to attack Domino's website. It's notable that the remote file inclusion is one of the most common methods used by hackers to breach web databases. With this method, database of a website is tricked into disclosing data that should have been hidden by ‘injecting’ certain commands.
“Once hacked, all the website can do is fortify its webserver and make some configuration changes that are not too costly. But it’s very hard to absolutely secure a website from the numerous attack tools available,” Govind Rammurthy, managing director and chief executive of eScan, is quoted as saying by Business Standard.
It's not the first time an Indian website has fallen prey to the hackers. Earlier, a number of websites including those of the government, political parties and private companies have suffered major defacement. It may be recalled that hackers group "Anonymous" conducted a spate of attacks on the Indian websites to protest the blocking of file sharing websites such as Daily Motion, Pastebin, Vimeo, The Pirate Bay, and others.
“Most websites, especially government sites, have little or no security protection. Second, these don’t even have dedicated security professionals to manage the website and keep protect these from targeted attacks,” says Independent security professional Ankit Fadia.
Update: We have removed the indicative image used earlier in this article, Operation India is not related to the above incident in any ways. We apologize for the miscommunication.
Source: Business Standard