Domino's UK fixes flaw exposing names and pizza orders

Domino's UK has rushed to fix a security vulnerability that allows online customers to see others' names, local stores and pizza orders.

Domino's UK: security flaw exposed customer names and pizza orders

The flaw - fixed at 10am this morning - was spotted yesterday by a Twitter user, James Harland, who noticed after ordering his own pizza online that it was relatively easy to find other customers' order numbers. That exposed their nearest Domino's, their pizza order and their first name.

The flaw stemmed from Domino's use of an encoding scheme to transfer customer information, without actually encrypting it.
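The difference between encoding and encryption described above, as an added example that is not Domino's code. It assumes Base64 as the encoding (the article does not name the scheme), and the order data, account names and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed sample data: order id -> (owner account, first name, store, order)
ORDERS = {
    1001: ("acct-a", "Alice", "Leeds Central", "Large Margherita"),
    1002: ("acct-b", "Bob", "Leeds Central", "Medium Pepperoni"),
}
SERVER_KEY = secrets.token_bytes(32)  # hypothetical key that never leaves the server


def encoded_ref(order_id: int) -> str:
    """Weak: Base64 (assumed scheme) is reversible and involves no key."""
    return base64.urlsafe_b64encode(str(order_id).encode()).decode()


def lookup_weak(ref: str):
    """Weak handler: decodes the reference and returns whichever order it names."""
    order_id = int(base64.urlsafe_b64decode(ref).decode())
    return ORDERS.get(order_id)


def _tag(order_id: str, account: str) -> str:
    msg = f"{order_id}|{account}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def signed_ref(order_id: int, account: str) -> str:
    """Hardened: the reference carries an HMAC tag bound to the owning account."""
    return f"{order_id}.{_tag(str(order_id), account)}"


def lookup_hardened(ref: str, session_account: str):
    """Hardened handler: verify the tag, then confirm the session owns the order."""
    order_id, _, tag = ref.partition(".")
    if not (order_id.isascii() and order_id.isdigit()):
        return None
    expected = _tag(order_id, session_account)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None  # reference was altered or issued to a different account
    order = ORDERS.get(int(order_id))
    if order is None or order[0] != session_account:
        return None  # authorization check, independent of the token format
    return order
```

The ownership check in `lookup_hardened` is what closes the exposure; the signed reference only stops clients from constructing valid references themselves.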

As security vulnerabilities go, this one is relatively inoffensive, since the flaw doesn't expose last names, card details or addresses. But any exposure of location and name could lead to social engineering, even if that only results in a lifetime free pizza for the hacker.

Domino's UK said it has now fixed the issue.

The breach comes shortly after the attack on TalkTalk, the biggest on any British company. The ISP this week admitted that 156,959 customers were affected by the hack. Of those, some 15,000 had bank details and sort codes accessed by hackers, while 28,000 card details were accessed.

Domino's franchises in France and Belgium suffered a serious breach last year, with hackers demanding a €30,000 (£24,000) ransom for a database of 600,000 customers' details.

Update: Marketing's original article stated that Domino's UK was working to fix the issue. The company has since clarified that the issue was fixed at 10am this morning (10 November), ahead of the article's publication. Marketing apologises for any confusion.
