A New Zealand pizza chain with shops in Brisbane was hacked, exposing details of its customers around the world.
Australian IT security news site Risky.biz found that the database at Hell Pizza was cracked in the middle of last year to reveal passwords, emails, home addresses and phone numbers of about 230,000 customers.
Hell Pizza has nine shops in Brisbane and others in Britain. At the time of writing, the Australian website was offline.
The company sent an email to those possibly affected requesting that they change their password, with director Stu McMullin claiming that the company had been "approached by a party claiming to be in possession of customer details from the previous Hell website which is no longer in operation".

The email read: “The samples that we received included details of four customers ... including phone numbers and email addresses and order information. We can confirm that credit card data was not at risk as this is held independently on a secure banking website.

“Whilst we are still investigating the matter, we can confirm that the information was obtained without our knowledge and we have approached the New Zealand Police with a view to lodging a formal complaint. Hell recognises the importance of protecting customer information and additional security measures were implemented earlier this year when our new website was rolled out (again, we reiterate that this is not an issue affecting the new website).

“We apologise for the incident and any inconvenience that this may have caused.”
Director Warren Powell said it was a massive concern for the company, which had still failed to locate the source of the breach but suspected a former ‘rogue employee’ might be to blame.
He told the NZ Herald: “We are honestly taking this very seriously. The last thing we have wanted to do is inconvenience our customers. We take customers' personal details bloody seriously and we spend a lot of money on security. We have been working 24/7 on this for some time and have not found a breach.”

Stephen Howes, CEO of GrIDsure, said: “The potential security breach of Hell Pizza yet again exposes the inherent frailty of passwords as a method of authentication and illustrates the risk of using the same password for numerous websites and online banking. However, users really aren't to blame because recommended ‘strong passwords’ are just not very easy to remember, especially when you are advised to use a different password for every web-site you visit. This is clearly highlighted by the ‘forgot my password’ feature present on the password login screen.

“Passwords can be compromised through various forms of attack, including shoulder-surfing, key-logging and screen-scraping. In order to genuinely improve security, organisations need to abandon login systems based on fixed passwords and PINs and replace this flawed method of authentication with a one-time passcode method. By making this change, organisations will reduce cases of data loss and identity theft while also saving money and improving customer satisfaction to boot.”

Graham Cluley, senior technology consultant at Sophos, said: “You should never use the same username and password on multiple websites. It's like having a skeleton key which opens every door - if the bad guys scoop up your password in one place they can try it in many other places. If it gets hacked (like in the Hell Pizza example) then cybercriminals could use it to access your other online accounts - webmail, PayPal, Amazon and so on.”

See original article on scmagazineus.com