Wednesday, July 28, 2010


They know what you ate last summer. Devilish hackers have stolen valuable customer information from NZ-based Hell Pizza. A database containing the sensitive personal data has been doing the rounds since last year, without any confirmation of the breach from the company!
The 400 MB database lists info on 230,000 customers (including several notable celebrities)! No credit card details or other type of financial information, but full names, addresses, phone numbers, emails, hashed passwords and even order history.
The most obvious danger here is that many people tend to re-use both their usernames and passwords. This mean hackers can use the stolen information to access other accounts belonging to those customers, including ones that do contain financial details. And that's not theoretical: a similar thing happened in Israel just this month - information was sourced which compromised the PayPal accounts of some customers.
Hell Pizza (which operates 64 stores in NZ, nine in Oz and three in the UK) was contacted by concerned customers last year...but it failed to verify the claims! The company's only recently contacted the NZ police after being provided with excerpts from the database. It's also emailed customers to inform them of the situation, and to suggest they change their login if they use the same password for other websites.
One has to wonder why the hell it took 'em so long...!

No comments: