Pizza Lovers Suffer Data Breach From Hell

netbuzz writes "Some 230,000 New Zealanders have been informed that their personal information has apparently fallen into the hands of hackers who compromised the network of a locally famous food chain, Hell Pizza. The company says it suspects 'a rogue employee,' but one security expert says Hell's ordering portal is 'about 50 steps of fail.' Several New Zealand celebrities are among the victims and at least one is taking the matter in stride, musing: 'My Twitter has been hacked, my Facebook has been hacked and I'm pretty sure half of New Zealand has my phone number already. I have nothing bad to say about Hell.'"

Re:So Hell Pizza requires Facebook/Twitter UID?

[cduffy]

A different way to read it is that the other hacks were independent, and the anonymous celeb is saying that Hell is no worse than any of the other organizations which were entrusted with personal information.

Re:So Hell Pizza requires Facebook/Twitter UID?

[uvajed_ekil]

No, he's saying that all of the otherwise-reputable companies he trusts have been letting him down lately because of their poor internet security. Facebook? Sucks. Hell Pizza? A big chain, i presume, and sucky security, obviously. Twitter? I don't know, but I don't trust them with anything important. Lots of banks, a ton of universities, and many other entities of various sizes expose you to risks such as identity theft. Strong, unique passwords are a no-brainer, but you can't protect yourself if the sites you trust expose your info to every script kiddie and 1337 hax0r who comes along. But I suppose knowing who the "celebrity" (quotes because we are talking about New Zealand) is, and thus how likely to be targeted he or she is.

Sad

[RAMMS+EIN]

Sadly, this isn't the only computer system security SNAFU. It isn't often that you hear about it, but many of the systems I have seen are security WTFs. I continue to be amazed at how little some programmers understand about their trade, and I just don't have words for people who think the security of their computer systems isn't important. Getting a system that is completely secure may be too much to expect, but the least you can do is not make it easy for someone to walk right in and do whatever they want with your data after 5 minutes of observing the publicly accessible part of your system!

Re:Sad

[MichaelSmith]

Okay but how can you make a non-technical customer pay for security? They will go to the cheapest vendor and pay later when it stuffs up.

Re:It's a concern...

[MachDelta]

Actually that's 99.936%, sir.

Oh god, I think I just overexnerded myself. :(

Re:at least they were upfront about it

[Dunbal]

I appreciated their honesty,

      Yeah, they were so honest, they forgot to tell you about the other 229,996 customers...

Re:The Good Old Pizza Times

[pinkushun]

I thought the lesson was: If you fetch the chow, you're entitled to a service fee, payable in consumables purchased. Hmmm Lemming Pizza :P~

Re:SQL Injection

[pinkushun]

Why else would you Hack into a Pizza chain, other than to order free pizza?

INSERT INTO ORDERS
SELECT [cheese] AS [topping 1], [pepperoni] as [topping 2], [free] AS [price], [asap] AS [priority]

Re:What I don't understand...

[somersault]

why the hell some outfits feel the need to collect that much information about you just to sell you some food.

Email address: to reset your password if you forget it (you'd want an account so you don't have to type in your address and payment info each time).
Address: should be obvious.
Phone number: to phone in case they don't get an answer at the door.

TFA doesn't mention any extra personal details that were stolen. I don't see what's so crazy about them needing these other details for online ordering.