What happened to Pizza Hut Australia?

Pizza Hut Australia experienced a data breach that affected more than one million customers. The breach was claimed by the hacking group ShinyHunters.

What data was compromised in the breach?

ShinyHunters claim to have stolen more than 30 million records, including customers' order details and personal information of over one million individuals. This information included customer names, email addresses, postal addresses, geographical coordinates, mobile phone numbers, passwords, service preferences (delivery or pickup), and encrypted credit card numbers.

How did ShinyHunters substantiate their claims?

To support their claims, ShinyHunters provided two sample files: one containing 200,000 order records with detailed information on orders and another in JSON format with data on 100,000 customers.

What is the current demand from ShinyHunters?

ShinyHunters are demanding $300,000 for the complete deletion of the stolen data. It's worth noting that ShinyHunters have a history of selling or leaking data when their extortion demands are not met.

Has Pizza Hut Australia responded to the demand?

As of now, Pizza Hut has not issued any response to ShinyHunters' demands.

Incident

Hackers claim to have stolen data of 1 million customers of Pizza Hut Australia

Q: When did the data breach occur?

The breach is reported to have occurred between one to two months ago when ShinyHunters gained unauthorized access through Amazon Web Services (AWS), using multiple entry points.

Q: Was the breach detected during the attack?

No, ShinyHunters assert that their activities remained undetected throughout the duration of the attack, which is of particular concern.

Q: Is there any public notification from Pizza Hut Australia regarding the breach?

No, Pizza Hut Australia's website currently lacks any notifications to customers regarding a data security incident involving their credit card information, and there is no public notice regarding the security breach.

published: Sept. 3, 2023

Learn More

Pizza Hut Australia has fallen victim to a data breach affecting over one million customers. The breach is claimed by the hacking group ShinyHunters.

The breach allegedly occurred between one to two months ago when ShinyHunters gained unauthorized access through Amazon Web Services (AWS), utilizing multiple entry points. The hackers assert to have stolen more than 30 million records, which encompassed customers' order details and personal information of more than one million individuals.

Of particular concern is ShinyHunters' assertion that their activities remained undetected throughout the duration of the attack.

To substantiate their claims, ShinyHunters provided two sample files:

The first file contained 200,000 order records with detailed information on orders,
The second was a JSON file featuring data on 100,000 customers.

This data included

customer names,
email addresses,
postal addresses,
geographical coordinates,
mobile phone numbers,
passwords,
service preferences (delivery or pickup),
encrypted credit card numbers.

Notably, while the credit card information was encrypted, other fields were left in plaintext.

Upon inspecting the files researchers have been able to confirm that there are real individuals with matching names within the appropriate geographic regions for the provided data samples.

ShinyHunters has made a demand of $300,000 for the complete deletion of the stolen data. ShinyHunters has a track record of selling or leaking data when their extortion demands go unmet. Thus far, Pizza Hut has not issued any response to their demands.

It's worth noting that Pizza Hut Australia's website currently lacks any notifications to customers regarding a data security incident involving their credit card information and no public notice regarding the security breach.

Update - Pizza Hut's Australian operations confirmed the breach in an email to customers, revealing that the company detected unauthorized access in early September. Approximately 193,000 customers are believed to be impacted, and affected customers have been notified. The incident did not disrupt Pizza Hut's operations.

Hackers claim to have stolen data of 1 million customers of Pizza Hut Australia

Read More
Kraft Heinz Co. food company investigating claims of …
Philippine Jollibee Foods Corporation hit by data breach
True World Holdings group reports data breach
Semyonishna dairy processing plant hit by ransomware
Ransomware groups attacks Coca-Cola systems