How A Hacker Got Chance To Get Free Pizza For Life Due To A Bug In Pizza App 

Share on twitter
Tweet
Share on whatsapp
WhatsApp
Share on facebook
Share
hacker finds a way free pizza for life

hacker finds a way free pizza for lifeShort Bytes: Paul Price, a security consultant from the UK, found a bug in Domino’s Pizza app that allowed him to get free pizza without making any payment. Here’s his story, telling more about the bug and what Price did when he came to know about the issue.

What will you do if you find out a way to get free pizza for life? Even if you are a responsible and honest person, this offer is enough to test you.

The same situation was presented in front of Paul Price, a security consultant from the UK, who found a bug in the British version of Domino’s Pizza app. He found that app’s API didn’t process the payments correctly.

As a result, if a user had enough technical knowledge, it would allow him/her to take advantage of the loophole and trick the pizza ordering application to accept invalid payments and ordering a free pizza.

“Errr, what? It looks like my order was placed without a valid payment,” Price wrote in a blog post. “Surely this is an oversight/edge case and Dominos’s will have back office checks in place before physically starting to prepare my order…right?”

Well, Price didn’t believe if the trick worked. So, to confirm the same, he called Domino’s to double check and he came to know that his pizza was being prepared.

“I called the store and they confirm they have received my order and it will be delivered within the next 20 minutes. My first thought:awesome. My second thought: shit” — he writes in his blog post.

It turns out that when the pizza came at his doorstep, Price told the delivery guy that there must have been a mistake with the order as he never made the payment. So, he paid £26 and kept his conscience clean.

Domino’s Pizza have since resolved this bug. So, Price decided to share the story with others.

“We take security extremely seriously and discovered this issue last year during one of our frequent reviews. We are pleased to say it was resolved very quickly,” says Rod Brooks, Domino’s head of IT.

Paul Price

What are your thoughts regarding this incident? What would’ve been your response after finding out such vulnerability?

Also read: Indian Hackers Rule Facebook’s Bug Bounty Program By Making Rs 48 Million

Adarsh Verma

Adarsh Verma

Fossbytes co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email — [email protected]
Scroll to Top