Domino's UK fixes flaw exposing names and pizza orders

Domino's UK has rushed to fix a security vulnerability that allows online customers to see others' names, local stores and pizza orders.

Domino's UK: security flaw exposed customer names and pizza orders
Domino's UK: security flaw exposed customer names and pizza orders

The flaw - fixed at 10am this morning - was spotted yesterday by a Twitter user, James Harland, who noticed after ordering his own pizza online that it was relatively easy to find other customers' order numbers. That exposed their nearest Domino's, their pizza order and their first name.

The flaw stemmed from Domino's use of an encoding scheme to transfer customer information, without actually encrypting it.

As security vulnerabilities go, this one is relatively inoffensive, since the flaw doesn't expose last names, card details or addresses. But any exposure of location and name could lead to social engineering, even if that only results in a lifetime free pizza for the hacker.

Domino's UK said it has now fixed the issue.

The breach comes shortly after the attack on TalkTalk, the biggest on any British company. The ISP this week admitted that 156,959 customers were affected by the hack. Of those, some 15,000 had bank details and sort codes accessed by hackers, while 28,000 card details were accessed.

Domino's franchises in France and Belgium suffered a serious breach last year, with hackers demanding a  €30,000 (£24,000) ransom for a database of 600,000 customers' details.

Update: Marketing's original article stated that Domino's UK was working to fix the issue. The company has since clarified that the issue was fixed at 10am this morning (10 November), ahead of the article's publication. Marketing apologises for any confusion.

Cannes Offer: 12 weeks' online access from just £12

Subscribe to Campaign before the end of Cannes Lions and save up to 71%


Looking for a new job?

Get the latest creative jobs in advertising, media, marketing and digital delivered directly to your inbox each day.

Create an Alert Now
Job description: Digital marketing executive

1 Job description: Digital marketing executive

Digital marketing executives oversee the online marketing strategy for their organisation. They plan and execute digital (including email) marketing campaigns and design, maintain and supply content for the organisation's website(s).

Just published