Pizza Lovers Suffer Data Breach From Hell
Posted by samzenpus
from the hell-of-a-breach dept.
netbuzz writes "Some 230,000 New Zealanders have been informed that their personal information has apparently fallen into the hands of hackers who compromised the network of a locally famous food chain, Hell Pizza. The company says it suspects 'a rogue employee,' but one security expert says Hell's ordering portal is 'about 50 steps of fail.' Several New Zealand celebrities are among the victims and at least one is taking the matter in stride, musing: 'My Twitter has been hacked, my Facebook has been hacked and I'm pretty sure half of New Zealand has my phone number already. I have nothing bad to say about Hell.'"
Re:SQL Injection (Score:5, Interesting)
"I'd like to order a large, thin crust, double cheese, pepperoni and drop table..."
No, clear the table before you place your order so your pizza gets the priority it deserves.
Hell Pizza is Awesome! (Score:4, Interesting)
It's actually brilliant pizza -- easily the best pie I've ever had outside of the USA (or Italy). Inventive topping combinations and skillfully made. I wish they'd open a franchise here in California.
Re:Risky.Biz Explanation (Score:3, Interesting)
Risky.Biz
... The Flash client makes queries which are hard-coded in the .swf (this is dumb as it means SQL Injection is effectively a 'feature' of the store).
Their web design company is called "Inject Design Ltd.". Go figure ...
You could easily alter the query string to show the hashes stored in the MySQL users table. I figured out the version of MySQL was 4.0 (Debian Sarge) - and the hashes in this version are very weak, cracking them would take less than a couple of hours.
I'm unsure what hashes he is talking about here. Password hashes? What was the weak hash algorithm?
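To make the design flaw Risky.Biz describes concrete, here is an added example (not Hell Pizza's or Inject Design's code; the schema, table names and handler functions are hypothetical) contrasting a server that executes whatever SQL the client ships with one that only accepts named, parameterised queries:

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the shop database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE menu (id INTEGER, name TEXT, price REAL);
        CREATE TABLE customers (id INTEGER, name TEXT, phone TEXT);
        INSERT INTO menu VALUES (1, 'Margherita', 18.5), (2, 'Pepperoni', 19.0);
        INSERT INTO customers VALUES (1, 'constructed customer', '021-000-0000');
    """)
    return db


def vulnerable_handler(db, client_sql):
    """Mirrors the design in the thread: the client (the .swf) carries the whole
    SQL statement and the server runs it verbatim. Any table the database
    user can read is reachable by editing that string."""
    return db.execute(client_sql).fetchall()


# Hardened design: SQL text exists only on the server, keyed by an action name.
ALLOWED_QUERIES = {
    "menu_item": "SELECT id, name, price FROM menu WHERE id = ?",
    "menu_all": "SELECT id, name, price FROM menu",
}


def hardened_handler(db, action, params=()):
    """The client sends an action name plus bound parameters. Unknown actions
    are refused, and parameters can never change the statement's structure."""
    sql = ALLOWED_QUERIES.get(action)
    if sql is None:
        raise ValueError("unknown action: %r" % action)
    if sql.count("?") != len(params):
        raise ValueError("wrong parameter count for %r" % action)
    return db.execute(sql, params).fetchall()
```

With the vulnerable handler an altered query string pulls rows from the customers table; with the hardened one the same request is rejected outright, and a parameter such as "1 OR 1=1" is compared as a literal value rather than parsed as SQL.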
What I don't understand... (Score:4, Interesting)
Any shop that tries to get that kind of information out of me gets a flat refusal. Likewise, any venue that tries to take my fingerprints or iris scan.
Re:Security audits? (Score:3, Interesting)
I wouldn't be surprised if they just had IT security audits done by KPMG and Ernst & Young while the data was being pulled out by the truckload through a gaping hole, just like the Latvian banks...