PARIS, France — Those of you who are constantly looking over your virtual shoulders for fear of the sinister cyberthieves waiting to steal your personal data, rest (somewhat) assured.
They're not all that big and bad. In fact, some of them are downright lame.
Like Rex Mundi, a group that last week claimed to have broken into the online customer databases kept by Domino's Pizza in France and Belgium. "And boy, did we find some juicy stuff in there!", the group gleefully announced online.
Just how juicy are we talking, oh dastardly ones? This juicy: more than 600,000 customers' full names. (Oh boy.) Addresses. (Oh boy oh boy.) Phone numbers. (Yikes.) Email addresses. (No!) Passwords. (Say it ain't so!) Delivery instructions. (Er...) And juiciest of all — their favorite pizza toppings.
That's, um, it. It's more than you'd want an unscrupulous stranger knowing about you, certainly, but clients' credit card details weren't compromised — because Domino's doesn't have them. The French and Belgium sites don't allow customers to pay for their pizzas online, as any fool knows since it's practically the first thing they tell you when you go to place an order.
The hackers had the
idiocy audacity to hold the stolen info for ransom, demanding 30,000 euros ($40,700) from Domino's or else. They gave the company until 8 p.m. Monday to pay up or, they said, they'd post the confidential data on the web in full. And if you're picturing a huge ticking clock/skull-and-crossbones taking over the Domino's mainframe, forget it — Rex Mundi communicated its terms by "[sending] various emails" and "also used the contact forms on their websites to let them know of this vulnerability." Terrifying.
Domino's acknowledged the security breach, which it assured customers it was taking "very seriously," but refused to give the hackers a single centime. Perhaps sensing their masterplan unravelling, the hackers posted a series of messages on their Twitter account (now suspended) trying to convince Domino's clients that they'd have the right to sue the company if they — the hackers — published their personal details. (It may not have helped that their appeals to French and Belgian pizza eaters were written in English.)
It was to no avail. The deadline came and went, and as of Tuesday Domino's said it had no evidence to suggest that the hackers had carried out their threat to publish its customers' data. #Fail.
What's more, it wouldn't be the first time that one of Rex Mundi's plans didn't exactly go, er, to plan. Since 2012, the group has pulled similar stunts on payday lender AmeriCash Advance, telecoms company Numericable Belgium, Italian hosting service Websolutions.it and others. Each company that acknowledged the attack says it refused to pay and contacted the police.
But it seems like none of those investigations have led to the hackers being caught. Maybe they're not quite as lame as they look, after all.