Tuesday, June 6, 2017

My Dominos Pizza Rewards Account Got Hacked

I was half asleep last night at about 11pm when I heard my phone buzz. I looked over at it and saw the notification from Dominos that my order was on the way. I hadn't ordered anything in my sleep since that Ambien incident back in my college days, so I figured that the notification was a delayed e-mail from a previous order I had made from Dominos. I opened the e-mail and, sure enough, someone had ordered two pizzas at 11:06pm from a Dominos halfway across the United States from me. I thought perhaps the person who ordered accidentally used my e-mail address, as it's similar to a few others out there and is occasionally fat-fingered. I logged into my Domino's account to be sure and, unfortunately, someone had gotten into it, redeemed the two free pizza rewards that I had built up and made an order. What kind of world are we living in when someone will be petty enough to steal a man's pizza?

The phone number to the store that the pizzas were ordered from was listed on the order receipt, so I called them up and asked them to cancel the order. The manager told me that I was too late, that the pizza purloiner had already picked it up. The order had come in at 11:06pm and I called the store at 11:22pm. That's just about 15 minutes, which is the average cook time for a Domino's Pizza. The guy must have gone to pick it up just after ordering it. I asked the manager if he could refund my points, but he said that only corporate could do that. Okay, not a big deal. It's just pizza, and I honestly don't begrudge some pizza to someone else who might need it more than I do. It's what the manager said afterwards that pissed me off:

"Yeah, I thought it was probably fake since your account is based in a different city and the name on the order is 'The Pizza Man'. We get about one of those per week". So, he suspected it was a falsified order, yet he didn't call the number listed on it to verify? Had he done so, he'd have been met with a non-working number and he could have then called my phone number which was still listed in the account profile. But, he's just a manager, and it's just a couple of pizzas and it's probably not worth the effort. I completely understand.

Apparently, back in December of 2016, Dominos notified their customers that their MyDominos site may have been compromised and that everyone should change their passwords. I must have somehow missed that e-mail. Rather than filling up everyone's SPAM folder with those requests, Dominos should have made the change mandatory to all customers upon logging into their website. But, that obviously didn't happen.

I called Dominos corporate this morning and got the issue straightened out and my pizza rewards refunded.

Here are a few tips that you should use with every restaurant website in order to make sure that, if you ever do get hacked, the damage will be minimal.

  • NEVER store credit card information. I know it's convenient, especially if you order often, but if someone does access your account and charges food to your credit card, you'll have to deal with two companies instead of one

  • Redeem your rewards ASAP. If there are no rewards available, there's no reason to hack your account. 

No comments:

Post a Comment