The ShinyHunters hacking group has claimed that in the last couple of months it has stolen more than 30 million customer order records from Pizza Hut Australia, alongside information on more than one million customers.
The group told Data Breaches that “using multiple access points” it gained unauthorised access to Amazon Web Services buckets used by the pizza chain, exfiltrating records including:
- store ID
- customers’ first and last name
- customers’ email addresses
- customers’ postal addresses
- customers’ phone numbers
- customers’ encrypted credit card data
- customers’ hashed passwords
According to the report, ShinyHunters is demanding $300,000 in exchange for the deletion of the stolen data – or it will be sold to other cybercriminals or leaked online.
To date Pizza Hut Australia does not appear to have made any public statement about the alleged data breach, and it is unclear whether data regulators and law enforcement in Australia have been notified.
The ShinyHunters gang became notorious in 2020, after a spate of hacks that saw more than 60 companies breached.
Corporate victims included online dating sites, a photo book-creating service Chatbooks, and stock-trading services.
Even Microsoft fell foul of the group, after over 500GB of Microsoft source code was stolen from the tech giant’s private GitHub repository.
Despite the apprehension of suspected members of the hacking group, ShinyHunters continues to cause headaches for businesses tasked with the important job of protecting their customers’ data.